|
264511
|
7.5 |
HIGH
Network
|
wordpress
|
wordpress
|
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows …
|
NVD-CWE-noinfo
|
CVE-2017-1001000
|
2024-11-21 12:04 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264512
|
7.5 |
HIGH
Network
|
ui
|
airos
edgemax_firmware
|
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
|
CWE-20
Improper Input Validation
|
CVE-2017-0938
|
2024-11-21 12:03 |
2019-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264513
|
7.5 |
HIGH
Network
|
dnnsoftware
|
dotnetnuke
|
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network reso…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-0929
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264514
|
8.1 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account ta…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-0921
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264515
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perfor…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-0919
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264516
|
4.7 |
MEDIUM
Local
|
ubnt
|
ucrm
|
Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Succ…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-0913
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264517
|
5.4 |
MEDIUM
Network
|
ui
|
ucrm
|
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. …
|
CWE-79
Cross-site Scripting
|
CVE-2017-0912
|
2024-11-21 12:03 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264518
|
6.1 |
MEDIUM
Network
|
html-janitor_project
|
html-janitor
|
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
|
CWE-79
Cross-site Scripting
|
CVE-2017-0931
|
2024-11-21 12:03 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264519
|
6.5 |
MEDIUM
Network
|
augustine_project
|
augustine
|
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
|
CWE-22
Path Traversal
|
CVE-2017-0930
|
2024-11-21 12:03 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264520
|
6.1 |
MEDIUM
Network
|
theguardian
|
html-janitor
|
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
|
CWE-642
External Control of Critical State Data
|
CVE-2017-0928
|
2024-11-21 12:03 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
