Search Results
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-15235 | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. Published: October 10, 2017; 11:29:00 PM -0400 | V4.0: (not available); V3.0: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2017-15232 | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. Published: October 10, 2017; 11:29:00 PM -0400 | V4.0: (not available); V3.0: 6.5 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2017-15215 | Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2017-15214 | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 5.4 MEDIUM; V2.0: 3.5 LOW |
CVE-2017-15213 | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 5.4 MEDIUM; V2.0: 3.5 LOW |
CVE-2017-15212 | In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15211 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15210 | In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15209 | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15208 | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. Published: October 10, 2017; 9:32:55 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15207 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15206 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15205 | In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15204 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15203 | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15202 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15201 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15200 | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15199 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
CVE-2017-15198 | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. Published: October 10, 2017; 9:32:54 PM -0400 | V4.0: (not available); V3.0: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |