|
258401
|
9.8 |
CRITICAL
Network
|
smalruby
|
smalruby-editor
|
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2017-2096
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258402
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-2095
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258403
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
|
CWE-269
Improper Privilege Management
|
CVE-2017-2094
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258404
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2017-2093
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258405
|
5.4 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2092
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258406
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-2091
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258407
|
6.5 |
MEDIUM
Network
|
cubecart
|
cubecart
|
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2017-2090
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258408
|
7.1 |
HIGH
Network
|
librdf
debian
fedoraproject
|
raptor_rdf_syntax_library
debian_linux
fedora
|
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overfl…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-18926
|
2024-11-21 12:21 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258409
|
5.5 |
MEDIUM
Local
|
openr
|
opentmpfiles
|
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
|
CWE-59
Link Following
|
CVE-2017-18925
|
2024-11-21 12:21 |
2020-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258410
|
7.5 |
HIGH
Network
|
oauth2-server_project
|
oauth2-server
|
oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As…
|
CWE-94
Code Injection
|
CVE-2017-18924
|
2024-11-21 12:21 |
2020-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
