| 248391 | 6.1 | MEDIUM | Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | CWE-79 Cross-site Scripting | CVE-2017-8792 | 2024-11-21 12:34 | 2017-05-6 |
| 248392 | 6.1 | MEDIUM | Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. | CWE-93 CRLF Injection | CVE-2017-8791 | 2024-11-21 12:34 | 2017-05-6 |
| 248393 | 9.8 | CRITICAL | Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. | CWE-90 LDAP Injection | CVE-2017-8790 | 2024-11-21 12:34 | 2017-05-6 |
| 248394 | 9.8 | CRITICAL | Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | CWE-89 SQL Injection | CVE-2017-8789 | 2024-11-21 12:34 | 2017-05-6 |
| 248395 | 6.1 | MEDIUM | Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | CWE-93 CRLF Injection | CVE-2017-8788 | 2024-11-21 12:34 | 2017-05-6 |
| 248396 | 6.1 | MEDIUM | Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop spe… | CWE-79 Cross-site Scripting | CVE-2017-8760 | 2024-11-21 12:34 | 2017-05-6 |
| 248397 | 8.8 | HIGH | Network | podofo_project | podofo | The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer o… | CWE-125 Out-of-bounds Read | CVE-2017-8787 | 2024-11-21 12:34 | 2017-05-5 |
| 248398 | 9.8 | CRITICAL | Network | pcre | pcre2 | pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-8786 | 2024-11-21 12:34 | 2017-05-5 |
| 248399 | 9.8 | CRITICAL | Network | atlassian | sourcetree | Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree… | CWE-78 OS Command | CVE-2017-8768 | 2024-11-21 12:34 | 2017-05-5 |
| 248400 | 6.1 | MEDIUM | Network | gitlab | gitlab | GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | CWE-79 Cross-site Scripting | CVE-2017-8778 | 2024-11-21 12:34 | 2017-05-5 |