|
257061
|
6.1 |
MEDIUM
Network
|
mapbox_project
|
mapbox
|
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000042
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257062
|
9.8 |
CRITICAL
Network
|
framasoft
|
framadate
|
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution
|
CWE-20
Improper Input Validation
|
CVE-2017-1000039
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257063
|
6.1 |
MEDIUM
Network
|
relevanssi
|
relevanssi
|
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000038
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257064
|
9.8 |
CRITICAL
Network
|
rvm_project
|
rvm
|
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD…
|
NVD-CWE-noinfo
|
CVE-2017-1000037
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257065
|
6.1 |
MEDIUM
Network
|
tt-rss
|
tiny_tiny_rss
|
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000035
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257066
|
8.1 |
HIGH
Network
|
akka
|
akka
|
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000034
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257067
|
6.1 |
MEDIUM
Network
|
vospari_forms_project
|
vospari_forms
|
Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000033
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257068
|
6.1 |
MEDIUM
Network
|
cacti
|
cacti
|
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sourc…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000032
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257069
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
|
CWE-89
SQL Injection
|
CVE-2017-1000031
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257070
|
9.8 |
CRITICAL
Network
|
oracle
|
glassfish_server
|
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain te…
|
CWE-287
Improper Authentication
|
CVE-2017-1000030
|
2024-11-21 12:04 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
