|
256861
|
5.4 |
MEDIUM
Network
|
modx
|
modx_revolution
|
A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious Java…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000223
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256862
|
5.4 |
MEDIUM
Network
|
tine20
|
tine_2.0
|
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000164
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256863
|
5.4 |
MEDIUM
Network
|
expressionengine
|
expressionengine
|
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000160
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256864
|
9.8 |
CRITICAL
Network
|
python
debian
|
python
debian_linux
|
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code ex…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-1000158
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256865
|
7.5 |
HIGH
Network
|
s9y
|
serendipity
|
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
|
CWE-89
SQL Injection
|
CVE-2017-1000129
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256866
|
7.5 |
HIGH
Network
|
codiad
|
codiad
|
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000125
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256867
|
9.8 |
CRITICAL
Network
|
redis-store
|
redis-store
|
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000248
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256868
|
7.5 |
HIGH
Network
|
codeigniter
|
codeigniter
|
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.
|
CWE-20
Improper Input Validation
|
CVE-2017-1000247
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256869
|
5.3 |
MEDIUM
Network
|
pysaml2_project
|
pysaml2
|
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2017-1000246
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256870
|
9.8 |
CRITICAL
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-1000237
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
