|
256801
|
6.1 |
MEDIUM
Network
|
liferay
|
liferay_portal
|
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000425
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256802
|
6.1 |
MEDIUM
Network
|
omniscale
|
mapproxy
|
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000426
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256803
|
6.1 |
MEDIUM
Network
|
ez
|
ez_publish
|
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authent…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000431
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256804
|
9.8 |
CRITICAL
Network
|
rust-base64_project
|
rust-base64
|
rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000430
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256805
|
4.3 |
MEDIUM
Network
|
atom
|
electron
|
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
|
NVD-CWE-noinfo
|
CVE-2017-1000424
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256806
|
9.8 |
CRITICAL
Network
|
b2evolution
|
b2evolution
|
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code executio…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000423
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256807
|
8.8 |
HIGH
Network
|
gnome
debian
canonical
|
gdk-pixbuf
debian_linux
ubuntu_linux
|
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-1000422
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256808
|
9.8 |
CRITICAL
Network
|
lcdf
debian
|
gifsicle
debian_linux
|
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution
|
CWE-416
Use After Free
|
CVE-2017-1000421
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256809
|
7.5 |
HIGH
Network
|
syncthing
|
syncthing
|
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
|
CWE-59
Link Following
|
CVE-2017-1000420
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256810
|
7.5 |
HIGH
Network
|
phpbb
|
phpbb
|
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal se…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-1000419
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
