|
257301
|
7.5 |
HIGH
Network
|
gnome
|
epiphany
|
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfi…
|
CWE-200
Information Exposure
|
CVE-2017-1000025
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257302
|
7.5 |
HIGH
Network
|
gnome
|
shotwell
|
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-1000024
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257303
|
5.4 |
MEDIUM
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000023
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257304
|
8.8 |
HIGH
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000022
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257305
|
8.8 |
HIGH
Network
|
logicaldoc
|
logicaldoc
|
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.
|
CWE-611
XXE
|
CVE-2017-1000021
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257306
|
9.8 |
CRITICAL
Network
|
ecos
|
embedded_web_servers
|
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending S…
|
CWE-287
Improper Authentication
|
CVE-2017-1000020
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257307
|
7.5 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name
|
CWE-20
Improper Input Validation
|
CVE-2017-1000018
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257308
|
8.8 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-1000017
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257309
|
7.5 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.
|
CWE-20
Improper Input Validation
|
CVE-2017-1000016
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257310
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000015
|
2024-11-21 12:03 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
