|
250651
|
5.9 |
MEDIUM
Network
|
fiberhome
|
fengine_s5800_firmware
|
An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-5544
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250652
|
8.8 |
HIGH
Network
|
metalgenix
|
genixcms
|
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files wit…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-5520
|
2024-11-21 12:27 |
2017-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250653
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5519
|
2024-11-21 12:27 |
2017-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250654
|
7.4 |
HIGH
Network
|
metalgenix
|
genixcms
|
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-5518
|
2024-11-21 12:27 |
2017-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250655
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5517
|
2024-11-21 12:27 |
2017-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250656
|
6.1 |
MEDIUM
Network
|
metalgenix
|
genixcms
|
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5516
|
2024-11-21 12:27 |
2017-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250657
|
5.4 |
MEDIUM
Network
|
metalgenix
|
genixcms
|
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5515
|
2024-11-21 12:27 |
2017-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250658
|
5.5 |
MEDIUM
Local
|
phpmailer_project
|
phpmailer
|
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to…
|
CWE-200
Information Exposure
|
CVE-2017-5223
|
2024-11-21 12:27 |
2017-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250659
|
5.4 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5494
|
2024-11-21 12:27 |
2017-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250660
|
8.1 |
HIGH
Network
|
b2evolution
|
b2evolution
|
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to prov…
|
CWE-22
Path Traversal
|
CVE-2017-5480
|
2024-11-21 12:27 |
2017-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
