|
251881
|
5.4 |
MEDIUM
Network
|
epesi
|
epesi
|
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers t…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9331
|
2024-11-21 12:35 |
2017-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251882
|
6.5 |
MEDIUM
Network
|
allen_disk_project
|
allen_disk
|
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-9307
|
2024-11-21 12:35 |
2017-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251883
|
6.1 |
MEDIUM
Network
|
syspass
|
syspass
|
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9306
|
2024-11-21 12:35 |
2017-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251884
|
6.1 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms\/groupware
|
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newslet…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9305
|
2024-11-21 12:35 |
2017-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251885
|
7.5 |
HIGH
Network
|
virustotal
|
yara
|
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
|
CWE-674
Uncontrolled Recursion
|
CVE-2017-9304
|
2024-11-21 12:35 |
2017-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251886
|
6.1 |
MEDIUM
Network
|
laravel
|
laravel
|
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-cont…
|
CWE-20
Improper Input Validation
|
CVE-2017-9303
|
2024-11-21 12:35 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251887
|
5.5 |
MEDIUM
Local
|
realnetworks
|
realplayer
|
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
|
CWE-369
Divide By Zero
|
CVE-2017-9302
|
2024-11-21 12:35 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251888
|
7.8 |
HIGH
Local
|
videolan
|
vlc_media_player
|
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecif…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9301
|
2024-11-21 12:35 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251889
|
7.8 |
HIGH
Local
|
videolan
|
vlc_media_player
|
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other imp…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9300
|
2024-11-21 12:35 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251890
|
6.1 |
MEDIUM
Network
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9299
|
2024-11-21 12:35 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
