|
256871
|
6.1 |
MEDIUM
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed i…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000236
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256872
|
9.8 |
CRITICAL
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
|
CWE-78
OS Command
|
CVE-2017-1000235
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256873
|
5.3 |
MEDIUM
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter
|
CWE-200
Information Exposure
|
CVE-2017-1000234
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256874
|
9.8 |
CRITICAL
Network
|
nlnetlabs
|
ldns
|
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
|
CWE-415
Double Free
|
CVE-2017-1000232
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256875
|
9.8 |
CRITICAL
Network
|
nlnetlabs
|
ldns
|
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
|
CWE-415
Double Free
|
CVE-2017-1000231
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256876
|
8.1 |
HIGH
Network
|
open-emr
|
openemr
|
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view an…
|
CWE-269
Improper Privilege Management
|
CVE-2017-1000241
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256877
|
5.4 |
MEDIUM
Network
|
open-emr
|
openemr
|
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote auth…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000240
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256878
|
5.4 |
MEDIUM
Network
|
invoiceplane
|
invoiceplane
|
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000239
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256879
|
8.8 |
HIGH
Network
|
invoiceplane
|
invoiceplane
|
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-1000238
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256880
|
9.8 |
CRITICAL
Network
|
ejs
|
ejs
|
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
|
CWE-20
Improper Input Validation
|
CVE-2017-1000228
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
