|
266291
|
8.1 |
HIGH
Network
|
open-emr
|
openemr
|
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view an…
|
CWE-269
Improper Privilege Management
|
CVE-2017-1000241
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266292
|
5.4 |
MEDIUM
Network
|
open-emr
|
openemr
|
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote auth…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000240
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266293
|
5.4 |
MEDIUM
Network
|
invoiceplane
|
invoiceplane
|
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000239
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266294
|
8.8 |
HIGH
Network
|
invoiceplane
|
invoiceplane
|
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-1000238
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266295
|
9.8 |
CRITICAL
Network
|
ejs
|
ejs
|
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
|
CWE-20
Improper Input Validation
|
CVE-2017-1000228
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266296
|
7.5 |
HIGH
Network
|
ejs
|
ejs
|
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
|
CWE-20
Improper Input Validation
|
CVE-2017-1000189
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266297
|
6.1 |
MEDIUM
Network
|
ejs
|
ejs
|
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000188
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266298
|
9.8 |
CRITICAL
Network
|
creolabs
|
gravity
|
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-1000173
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266299
|
9.8 |
CRITICAL
Network
|
creolabs
|
gravity
|
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being us…
|
CWE-416
Use After Free
|
CVE-2017-1000172
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266300
|
5.9 |
MEDIUM
Network
|
nv-websocket-client_project
|
nv-websocket-client
|
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000209
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
