| 247181 | 9.8 | CRITICAL Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | CWE-89 SQL Injection | CVE-2017-8789 | 2024-11-21 12:34 | 2017-05-6 |
| 247182 | 6.1 | MEDIUM Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | CWE-93 CRLF Injection | CVE-2017-8788 | 2024-11-21 12:34 | 2017-05-6 |
| 247183 | 6.1 | MEDIUM Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop spe… | CWE-79 Cross-site Scripting | CVE-2017-8760 | 2024-11-21 12:34 | 2017-05-6 |
| 247184 | 8.8 | HIGH Network | podofo_project | podofo | The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer o… | CWE-125 Out-of-bounds Read | CVE-2017-8787 | 2024-11-21 12:34 | 2017-05-5 |
| 247185 | 9.8 | CRITICAL Network | pcre | pcre2 | pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-8786 | 2024-11-21 12:34 | 2017-05-5 |
| 247186 | 9.8 | CRITICAL Network | atlassian | sourcetree | Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree… | CWE-78 OS Command | CVE-2017-8768 | 2024-11-21 12:34 | 2017-05-5 |
| 247187 | 6.1 | MEDIUM Network | gitlab | gitlab | GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | CWE-79 Cross-site Scripting | CVE-2017-8778 | 2024-11-21 12:34 | 2017-05-5 |
| 247188 | 4.8 | MEDIUM Network | genixcms | genixcms | GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. | CWE-79 Cross-site Scripting | CVE-2017-8780 | 2024-11-21 12:34 | 2017-05-4 |
| 247189 | 7.5 | HIGH Network | rpcbind_project libtirpc_project ntirpc_project | rpcbind libtirpc ntirpc | rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2017-8779 | 2024-11-21 12:34 | 2017-05-4 |
| 247190 | 7.5 | HIGH Network | quickheal | antivirus_pro internet_security total_security | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR… | NVD-CWE-noinfo | CVE-2017-8776 | 2024-11-21 12:34 | 2017-05-4 |