|
250361
|
7.5 |
HIGH
Network
|
sybase
|
adaptive_server_enterprise
|
Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.
|
CWE-20
Improper Input Validation
|
CVE-2017-5371
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250362
|
8.8 |
HIGH
Network
|
eclinicalworks
|
patient_portal
|
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST re…
|
CWE-89
SQL Injection
|
CVE-2017-5570
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250363
|
9.8 |
CRITICAL
Network
|
eclinicalworks
|
patient_portal
|
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP…
|
CWE-89
SQL Injection
|
CVE-2017-5569
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250364
|
7.5 |
HIGH
Network
|
novell
|
open_enterprise_server
|
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total info…
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2017-5182
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250365
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5575
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250366
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5574
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250367
|
8.8 |
HIGH
Network
|
libtiff
|
libtiff
|
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5563
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250368
|
8.1 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and a…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5556
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250369
|
8.1 |
HIGH
Network
|
oneplus
|
oxygenos
|
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attac…
|
CWE-287
Improper Authentication
|
CVE-2017-5554
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250370
|
5.4 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a jav…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5553
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
