|
250741
|
5.9 |
MEDIUM
Network
|
citrix
|
netscaler_application_delivery_controller_firmware
|
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for rem…
|
CWE-200
Information Exposure
|
CVE-2017-5933
|
2024-11-21 12:28 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250742
|
9.8 |
CRITICAL
Network
|
pear
|
html_ajax
|
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.
|
NVD-CWE-noinfo
|
CVE-2017-5677
|
2024-11-21 12:28 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250743
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to…
|
CWE-89
SQL Injection
|
CVE-2017-5879
|
2024-11-21 12:28 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250744
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5877
|
2024-11-21 12:28 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250745
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5876
|
2024-11-21 12:28 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250746
|
5.4 |
MEDIUM
Network
|
dotcms
|
dotcms
|
XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5875
|
2024-11-21 12:28 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250747
|
6.1 |
MEDIUM
Network
|
sanadata
|
sanacms
|
Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5882
|
2024-11-21 12:28 |
2017-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250748
|
6.5 |
MEDIUM
Network
|
splunk
|
splunk
|
Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Ligh…
|
CWE-20
Improper Input Validation
|
CVE-2017-5880
|
2024-11-21 12:28 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250749
|
7.5 |
HIGH
Network
|
php
|
pear
|
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via cr…
|
CWE-74
Injection
|
CVE-2017-5630
|
2024-11-21 12:28 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250750
|
6.5 |
MEDIUM
Adjacent
|
asus
|
rt-n56u_firmware
|
An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the de…
|
NVD-CWE-noinfo
|
CVE-2017-5632
|
2024-11-21 12:28 |
2017-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
