|
256671
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortios
|
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header …
|
CWE-79
Cross-site Scripting
|
CVE-2017-14190
|
2024-11-21 12:12 |
2018-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256672
|
7.5 |
HIGH
Network
|
wondercms
|
wondercms
|
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can onl…
|
CWE-74
Injection
|
CVE-2017-14523
|
2024-11-21 12:12 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256673
|
6.1 |
MEDIUM
Network
|
wondercms
|
wondercms
|
In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14522
|
2024-11-21 12:12 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256674
|
8.8 |
HIGH
Network
|
wondercms
|
wondercms
|
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14521
|
2024-11-21 12:12 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256675
|
7.5 |
HIGH
Network
|
parity
|
ethereum_client
|
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can tri…
|
NVD-CWE-noinfo
|
CVE-2017-14460
|
2024-11-21 12:12 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256676
|
8.2 |
HIGH
Network
|
ethereum
|
ethereum_virtual_machine
|
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can c…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14457
|
2024-11-21 12:12 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256677
|
9.8 |
CRITICAL
Network
|
trendmicro
|
smart_protection_server
|
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that cou…
|
NVD-CWE-noinfo
|
CVE-2017-14097
|
2024-11-21 12:12 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256678
|
6.1 |
MEDIUM
Network
|
trendmicro
|
smart_protection_server
|
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable syste…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14096
|
2024-11-21 12:12 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256679
|
8.1 |
HIGH
Network
|
trendmicro
|
smart_protection_server
|
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable syste…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2017-14095
|
2024-11-21 12:12 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256680
|
9.8 |
CRITICAL
Network
|
trendmicro
|
smart_protection_server
|
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
|
CWE-74
Injection
|
CVE-2017-14094
|
2024-11-21 12:12 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
