|
248351
|
6.1 |
MEDIUM
Network
|
opentext
|
tempo_box
|
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8892
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248352
|
7.8 |
HIGH
Local
|
sap
|
sapcar
|
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of da…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8852
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248353
|
5.5 |
MEDIUM
Local
|
dropbox
|
lepton
|
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
|
CWE-1187
Use of Uninitialized Resource
|
CVE-2017-8891
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248354
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other …
|
CWE-415
Double Free
|
CVE-2017-8890
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248355
|
6.8 |
MEDIUM
Physics
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2017-8879
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248356
|
6.5 |
MEDIUM
Network
|
asus
|
rt-ac1750_firmware
|
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.
|
CWE-200
Information Exposure
|
CVE-2017-8878
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248357
|
6.5 |
MEDIUM
Network
|
asus
|
rt-ac1750_firmware
|
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.
|
CWE-200
Information Exposure
|
CVE-2017-8877
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248358
|
6.1 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8876
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248359
|
6.5 |
MEDIUM
Network
|
codection
|
clean_login
|
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.
|
CWE-352
Origin Validation Error
|
CVE-2017-8875
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248360
|
8.8 |
HIGH
Network
|
acquia
|
mautic
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete cont…
|
CWE-352
Origin Validation Error
|
CVE-2017-8874
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
