|
253961
|
8.8 |
HIGH
Network
|
git_large_file_storage_project
|
git_large_file_storage
|
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within …
|
CWE-20
Improper Input Validation
|
CVE-2017-17831
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253962
|
6.8 |
MEDIUM
Network
|
doditsolutions
|
bus_booking_script
|
Bus Booking Script has CSRF via admin/new_master.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-17830
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253963
|
7.2 |
HIGH
Network
|
doditsolutions
|
bus_booking_script
|
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17829
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253964
|
4.8 |
MEDIUM
Network
|
doditsolutions
|
busbooking-script
|
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17828
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253965
|
8.8 |
HIGH
Network
|
piwigo
|
piwigo
|
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin use…
|
CWE-352
Origin Validation Error
|
CVE-2017-17827
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253966
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration§ion=main request. An attacker can e…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17826
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253967
|
4.8 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit …
|
CWE-79
Cross-site Scripting
|
CVE-2017-17825
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253968
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the …
|
CWE-89
SQL Injection
|
CVE-2017-17824
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253969
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a conne…
|
CWE-89
SQL Injection
|
CVE-2017-17823
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253970
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MyS…
|
CWE-89
SQL Injection
|
CVE-2017-17822
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
