|
247071
|
5.4 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in co…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9448
|
2024-11-21 12:36 |
2017-06-7 |
|
247072
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), …
|
CWE-352
Origin Validation Error
|
CVE-2017-9444
|
2024-11-21 12:36 |
2017-06-6 |
|
247073
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modu…
|
CWE-89
SQL Injection
|
CVE-2017-9443
|
2024-11-21 12:36 |
2017-06-6 |
|
247074
|
6.1 |
MEDIUM
Network
|
sunnythemes
|
spiffy_calendar
|
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9420
|
2024-11-21 12:36 |
2017-06-6 |
|
247075
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9440
|
2024-11-21 12:36 |
2017-06-6 |
|
247076
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9439
|
2024-11-21 12:36 |
2017-06-6 |
|
247077
|
7.5 |
HIGH
Network
|
virustotal
|
yara
|
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_em…
|
CWE-674
Uncontrolled Recursion
|
CVE-2017-9438
|
2024-11-21 12:36 |
2017-06-6 |
|
247078
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename pa…
|
CWE-94
Code Injection
|
CVE-2017-9442
|
2024-11-21 12:36 |
2017-06-6 |
|
247079
|
5.4 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9441
|
2024-11-21 12:36 |
2017-06-6 |
|
247080
|
8.8 |
HIGH
Network
|
openbravo
|
openbravo_erp
|
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
|
CWE-89
SQL Injection
|
CVE-2017-9437
|
2024-11-21 12:36 |
2017-06-5 |