|
256611
|
5.4 |
MEDIUM
Network
|
tine20
|
tine_2.0
|
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rend…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14921
|
2024-11-21 12:13 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256612
|
6.1 |
MEDIUM
Network
|
egroupware
|
egroupware
|
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14920
|
2024-11-21 12:13 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256613
|
9.8 |
CRITICAL
Network
|
filerun
|
filerun
|
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search f…
|
CWE-89
SQL Injection
|
CVE-2017-14738
|
2024-11-21 12:13 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256614
|
9.8 |
CRITICAL
Network
|
branaghgroup
|
ers_data_system
|
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-14702
|
2024-11-21 12:13 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256615
|
6.1 |
MEDIUM
Network
|
smartertools
|
smarterstats
|
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14620
|
2024-11-21 12:13 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256616
|
5.9 |
MEDIUM
Network
|
zohocorp
|
site24x7_mobile_network_poller
|
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-14582
|
2024-11-21 12:13 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256617
|
8.8 |
HIGH
Network
|
git-scm
debian
|
git
debian_linux
|
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers…
|
CWE-78
OS Command
|
CVE-2017-14867
|
2024-11-21 12:13 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256618
|
5.5 |
MEDIUM
Local
|
exiv2
|
exiv2
|
There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14866
|
2024-11-21 12:13 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256619
|
5.5 |
MEDIUM
Local
|
exiv2
|
exiv2
|
There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14865
|
2024-11-21 12:13 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256620
|
5.5 |
MEDIUM
Local
|
exiv2
canonical
debian
|
exiv2
ubuntu_linux
debian_linux
|
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of servi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14864
|
2024-11-21 12:13 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
