|
253211
|
7.5 |
HIGH
Network
|
kde
|
kmail messagelib
|
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, w…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-9604
|
2024-11-21 12:36 |
2017-06-13 |
|
|
|
|
253212
|
7.8 |
HIGH
Local
|
synology
|
photo_station
|
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user progr…
|
CWE-287
Improper Authentication
|
CVE-2017-9552
|
2024-11-21 12:36 |
2017-06-13 |
|
|
|
|
253213
|
7.5 |
HIGH
Network
|
echatserver
|
easy_chat_server
|
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-9557
|
2024-11-21 12:36 |
2017-06-13 |
|
|
|
|
253214
|
8.8 |
HIGH
Network
|
goldplugins
|
testimonials_plugin_easy_testimonials
|
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
|
CWE-89
SQL Injection
|
CVE-2017-9418
|
2024-11-21 12:36 |
2017-06-12 |
|
|
|
|
253215
|
5.4 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Pa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9548
|
2024-11-21 12:36 |
2017-06-12 |
|
|
|
|
253216
|
5.4 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9547
|
2024-11-21 12:36 |
2017-06-12 |
|
|
|
|
253217
|
5.7 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9546
|
2024-11-21 12:36 |
2017-06-12 |
|
|
|
|
253218
|
9.8 |
CRITICAL
Network
|
echatserver
|
easy_chat_server
|
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-9544
|
2024-11-21 12:36 |
2017-06-12 |
|
|
|
|
253219
|
7.5 |
HIGH
Network
|
echatserver
|
easy_chat_server
|
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-9543
|
2024-11-21 12:36 |
2017-06-12 |
|
|
|
|
253220
|
9.8 |
CRITICAL
Network
|
d-link
|
dir-615_firmware
|
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation …
|
CWE-287
Improper Authentication
|
CVE-2017-9542
|
2024-11-21 12:36 |
2017-06-12 |
|
|
|