| 250381 | 7.4 | HIGH Network | metalgenix | genixcms | The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2017-5518 | 2024-11-21 12:27 | 2017-01-17 |
| 250382 | 9.8 | CRITICAL Network | metalgenix | genixcms | SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | CWE-89 SQL Injection | CVE-2017-5517 | 2024-11-21 12:27 | 2017-01-17 |
| 250383 | 6.1 | MEDIUM Network | metalgenix | genixcms | Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | CWE-79 Cross-site Scripting | CVE-2017-5516 | 2024-11-21 12:27 | 2017-01-17 |
| 250384 | 5.4 | MEDIUM Network | metalgenix | genixcms | Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | CWE-79 Cross-site Scripting | CVE-2017-5515 | 2024-11-21 12:27 | 2017-01-17 |
| 250385 | 5.5 | MEDIUM Local | phpmailer_project | phpmailer | An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to… | CWE-200 Information Exposure | CVE-2017-5223 | 2024-11-21 12:27 | 2017-01-16 |
| 250386 | 5.4 | MEDIUM Network | b2evolution | b2evolution | Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (… | CWE-79 Cross-site Scripting | CVE-2017-5494 | 2024-11-21 12:27 | 2017-01-16 |
| 250387 | 8.1 | HIGH Network | b2evolution | b2evolution | Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to prov… | CWE-22 Path Traversal | CVE-2017-5480 | 2024-11-21 12:27 | 2017-01-16 |
| 250388 | 7.5 | HIGH Network | wordpress | wordpress | wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended a… | CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CVE-2017-5493 | 2024-11-21 12:27 | 2017-01-15 |
| 250389 | 8.8 | HIGH Network | wordpress | wordpress | Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims … | CWE-352 Origin Validation Error | CVE-2017-5492 | 2024-11-21 12:27 | 2017-01-15 |
| 250390 | 5.3 | MEDIUM Network | wordpress | wordpress | wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name. | CWE-1188 Insecure Default Initialization of Resource | CVE-2017-5491 | 2024-11-21 12:27 | 2017-01-15 |