Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-18005 |
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. Published: December 31, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18004 |
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. Published: December 31, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18001 |
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. Published: December 31, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-17704 |
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. Published: December 30, 2017; 9:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2016-10704 |
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. Published: December 30, 2017; 4:29:00 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17089 |
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. Published: December 30, 2017; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-14855 |
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. Published: December 30, 2017; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 7.8 HIGH |
CVE-2017-17997 |
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. Published: December 30, 2017; 2:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-12813 |
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. Published: December 30, 2017; 2:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12812 |
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. Published: December 30, 2017; 2:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12811 |
PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. Published: December 30, 2017; 2:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12810 |
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. Published: December 30, 2017; 2:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17995 |
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17994 |
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17993 |
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17992 |
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2017-17991 |
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17990 |
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17989 |
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17988 |
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. Published: December 29, 2017; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |