|
250461
|
6.1 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-fold…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5542
|
2024-11-21 12:27 |
2017-01-20 |
|
250462
|
5.3 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder…
|
CWE-22
Path Traversal
|
CVE-2017-5541
|
2024-11-21 12:27 |
2017-01-20 |
|
250463
|
6.1 |
MEDIUM
Network
|
eclinicalworks
|
patient_portal
|
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inse…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5599
|
2024-11-21 12:27 |
2017-01-27 |
|
250464
|
7.5 |
HIGH
Network
|
quagga
|
quagga
|
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Q…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5495
|
2024-11-21 12:27 |
2017-01-24 |
|
250465
|
5.9 |
MEDIUM
Network
|
fiberhome
|
fengine_s5800_firmware
|
An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-5544
|
2024-11-21 12:27 |
2017-01-23 |
|
250466
|
8.8 |
HIGH
Network
|
metalgenix
|
genixcms
|
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files wit…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-5520
|
2024-11-21 12:27 |
2017-01-17 |
|
250467
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5519
|
2024-11-21 12:27 |
2017-01-17 |
|
250468
|
7.4 |
HIGH
Network
|
metalgenix
|
genixcms
|
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-5518
|
2024-11-21 12:27 |
2017-01-17 |
|
250469
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5517
|
2024-11-21 12:27 |
2017-01-17 |
|
250470
|
6.1 |
MEDIUM
Network
|
metalgenix
|
genixcms
|
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5516
|
2024-11-21 12:27 |
2017-01-17 |