|
253511
|
8.1 |
HIGH
Network
|
wepresent
|
wipg-1500_firmware
|
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device u…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-6351
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253512
|
6.1 |
MEDIUM
Network
|
dotclear
|
dotclear
|
XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6446
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253513
|
7.2 |
HIGH
Network
|
admidio
|
admidio
|
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
|
CWE-89
SQL Injection
|
CVE-2017-6492
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253514
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6491
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253515
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name,…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6490
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253516
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6489
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253517
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-mas…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6488
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253518
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6487
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253519
|
6.1 |
MEDIUM
Network
|
reasoncms
|
reasoncms
|
A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-mast…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6486
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253520
|
6.1 |
MEDIUM
Network
|
php-calendar
|
php-calendar
|
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calend…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6485
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
