|
250391
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5490
|
2024-11-21 12:27 |
2017-01-15 |
|
250392
|
8.8 |
HIGH
Network
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
|
CWE-352
Origin Validation Error
|
CVE-2017-5489
|
2024-11-21 12:27 |
2017-01-15 |
|
250393
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5488
|
2024-11-21 12:27 |
2017-01-15 |
|
250394
|
5.3 |
MEDIUM
Network
|
wordpress
|
wordpress
|
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote…
|
CWE-200
Information Exposure
|
CVE-2017-5487
|
2024-11-21 12:27 |
2017-01-15 |
|
250395
|
8.8 |
HIGH
Network
|
s9y
|
serendipity
|
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
|
CWE-352
Origin Validation Error
|
CVE-2017-5476
|
2024-11-21 12:27 |
2017-01-14 |
|
250396
|
8.8 |
HIGH
Network
|
s9y
|
serendipity
|
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
|
CWE-352
Origin Validation Error
|
CVE-2017-5475
|
2024-11-21 12:27 |
2017-01-14 |
|
250397
|
6.1 |
MEDIUM
Network
|
s9y
|
serendipity
|
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer hea…
|
CWE-601
Open Redirect
|
CVE-2017-5474
|
2024-11-21 12:27 |
2017-01-14 |
|
250398
|
8.8 |
HIGH
Network
|
ntop
|
ntopng
|
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user…
|
CWE-352
Origin Validation Error
|
CVE-2017-5473
|
2024-11-21 12:27 |
2017-01-14 |
|
250399
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_pdf_toolkit
|
Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerabili…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5364
|
2024-11-21 12:27 |
2017-01-13 |
|
250400
|
9.8 |
CRITICAL
Network
|
libtiff
|
libtiff
|
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5225
|
2024-11-21 12:27 |
2017-01-12 |