|
256781
|
9.8 |
CRITICAL
Network
|
awstats
debian
|
awstats
debian_linux
|
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
|
CWE-22
Path Traversal
|
CVE-2017-1000501
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256782
|
5.4 |
MEDIUM
Network
|
lavalite
|
lavalite
|
LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000467
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256783
|
8.8 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as dele…
|
CWE-352
Origin Validation Error
|
CVE-2017-1000499
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256784
|
7.8 |
HIGH
Local
|
androidsvg_project
|
androidsvg
|
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution
|
CWE-611
XXE
|
CVE-2017-1000498
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256785
|
9.8 |
CRITICAL
Network
|
pepperminty-wiki_project
|
pepperminty-wiki
|
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution
|
CWE-611
XXE
|
CVE-2017-1000497
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256786
|
8.8 |
HIGH
Network
|
commsy
|
commsy
|
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.
|
CWE-611
XXE
|
CVE-2017-1000496
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256787
|
5.4 |
MEDIUM
Network
|
quickappscms
|
quickapps_cms
|
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000495
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256788
|
7.8 |
HIGH
Local
|
miniupnp_project
|
miniupnpd
|
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or p…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000494
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256789
|
9.8 |
CRITICAL
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover
|
CWE-74
Injection
|
CVE-2017-1000493
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256790
|
6.1 |
MEDIUM
Network
|
leanote
|
desktop
|
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000492
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
