|
248101
|
9.8 |
CRITICAL
Network
|
tp-link
|
c2_firmware
c20i_firmware
|
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2017-8218
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248102
|
5.3 |
MEDIUM
Network
|
tp-link
|
c2_firmware
c20i_firmware
|
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
|
CWE-862
Missing Authorization
|
CVE-2017-8217
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248103
|
5.3 |
MEDIUM
Network
|
modx
|
modx_revolution
|
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.
|
CWE-22
Path Traversal
|
CVE-2017-8115
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248104
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
|
CWE-200
Information Exposure
|
CVE-2017-8057
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248105
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-7989
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248106
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
|
NVD-CWE-noinfo
|
CVE-2017-7988
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248107
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7987
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248108
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7986
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248109
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7985
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248110
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7984
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
