|
198531
|
8.8 |
HIGH
Network
|
podlove
|
podlove_podcast_publisher
|
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitab…
|
CWE-89
SQL Injection
|
CVE-2017-12949
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198532
|
6.1 |
MEDIUM
Network
|
pressforward
|
pressforward
|
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12948
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198533
|
7.2 |
HIGH
Network
|
easymodal_project
|
easy_modal
|
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable …
|
CWE-89
SQL Injection
|
CVE-2017-12947
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198534
|
7.2 |
HIGH
Network
|
easymodal_project
|
easy_modal
|
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by…
|
CWE-89
SQL Injection
|
CVE-2017-12946
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198535
|
5.4 |
MEDIUM
Network
|
spring_batch_admin_project
|
spring_batch_admin
|
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12882
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198536
|
8.8 |
HIGH
Network
|
spring_batch_admin_project
|
spring_batch_admin
|
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such …
|
CWE-352
Origin Validation Error
|
CVE-2017-12881
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198537
|
9.8 |
CRITICAL
Network
|
nexusphp_project
|
nexusphp
|
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
|
CWE-89
SQL Injection
|
CVE-2017-12776
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198538
|
5.9 |
MEDIUM
Network
|
netapp
|
data_ontap
|
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-12859
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198539
|
6.1 |
MEDIUM
Network
|
nexusphp_project
|
nexusphp
|
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12680
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198540
|
7.5 |
HIGH
Network
|
libtiff
|
libtiff
|
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and appl…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-12944
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
