|
264401
|
4.9 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" sect…
|
CWE-200
Information Exposure
|
CVE-2017-12419
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264402
|
7.8 |
HIGH
Local
|
gnu
|
binutils
|
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use afte…
|
CWE-416
Use After Free
|
CVE-2017-12448
|
2024-11-21 12:09 |
2017-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264403
|
7.5 |
HIGH
Network
|
varnish-cache
varnish_cache_project
varnish-software
|
varnish
varnish_cache
|
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12425
|
2024-11-21 12:09 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264404
|
6.1 |
MEDIUM
Network
|
etoilewebdesign
|
ultimate_product_catalog
|
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12200
|
2024-11-21 12:09 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264405
|
9.8 |
CRITICAL
Network
|
etoilewebdesign
|
ultimate_product_catalog
|
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, ima…
|
CWE-89
SQL Injection
|
CVE-2017-12199
|
2024-11-21 12:09 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264406
|
6.5 |
MEDIUM
Adjacent
|
blipcare
|
wi-fi_blood_pressure_monitor_firmware
|
Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a l…
|
CWE-399
Resource Management Errors
|
CVE-2017-11580
|
2024-11-21 12:08 |
2019-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264407
|
7.1 |
HIGH
Adjacent
|
blipcare
|
wi-fi_blood_pressure_monitor_firmware
|
In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the we…
|
CWE-254
7PK - Security Features
|
CVE-2017-11579
|
2024-11-21 12:08 |
2019-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264408
|
5.9 |
MEDIUM
Network
|
blipcare
|
wi-fi_blood_pressure_monitor_firmware
|
It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using …
|
CWE-200
Information Exposure
|
CVE-2017-11578
|
2024-11-21 12:08 |
2019-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264409
|
5.4 |
MEDIUM
Network
|
zohocorp
|
manageengine_opmanager
|
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locat…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11560
|
2024-11-21 12:08 |
2019-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264410
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_opmanager
|
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL I…
|
CWE-89
SQL Injection
|
CVE-2017-11559
|
2024-11-21 12:08 |
2019-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
