| 248061 | 9.8 | CRITICAL | Network | exponentcms | exponent_cms | Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. | CWE-89 SQL Injection | CVE-2017-7991 | 2024-11-21 12:33 | 2017-04-22 |
| 248062 | 9.8 | CRITICAL | Network | tenable | appliance | Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote… | CWE-78 OS Command | CVE-2017-8051 | 2024-11-21 12:33 | 2017-04-22 |
| 248063 | 7.5 | HIGH | Network | tenable | appliance | Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | NVD-CWE-noinfo | CVE-2017-8050 | 2024-11-21 12:33 | 2017-04-22 |
| 248064 | 6.5 | MEDIUM | Network | podofo_project | podofo | The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF… | CWE-476 NULL Pointer Dereference | CVE-2017-7994 | 2024-11-21 12:33 | 2017-04-22 |
| 248065 | 6.1 | MEDIUM | Network | heartland_payment_systems | heartland-php | Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv pa… | CWE-79 Cross-site Scripting | CVE-2017-7992 | 2024-11-21 12:33 | 2017-04-21 |
| 248066 | 8.8 | HIGH | Network | wondercms | wondercms | WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. | CWE-352 Origin Validation Error | CVE-2017-7951 | 2024-11-21 12:33 | 2017-04-21 |
| 248067 | 8.8 | HIGH | Network | openmrs | openmrs_module_reporting | The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageRepor… | CWE-352 Origin Validation Error | CVE-2017-7990 | 2024-11-21 12:33 | 2017-04-21 |
| 248068 | 5.3 | MEDIUM | Network | watchguard | fireware | WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends… | CWE-611 XXE | CVE-2017-8056 | 2024-11-21 12:33 | 2017-04-23 |
| 248069 | 5.5 | MEDIUM | Local | libimobiledevice | libplist | Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and applic… | CWE-190 Integer Overflow or Wraparound | CVE-2017-7982 | 2024-11-21 12:33 | 2017-04-20 |
| 248070 | 9.8 | CRITICAL | Network | mor-pah.net | dmitry_deepmagic_information_gathering_tool | Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7938 | 2024-11-21 12:33 | 2017-04-20 |