|
198441
|
9.8 |
CRITICAL
Network
|
nexusphp
|
nexusphp
|
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
|
CWE-89
SQL Injection
|
CVE-2017-12981
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198442
|
6.1 |
MEDIUM
Network
|
dokuwiki
|
dokuwiki
|
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-co…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12980
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198443
|
6.1 |
MEDIUM
Network
|
dokuwiki
|
dokuwiki
|
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12979
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198444
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12978
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198445
|
7.5 |
HIGH
Network
|
ccfile
|
cc_file_transfer
|
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An exam…
|
CWE-20
Improper Input Validation
|
CVE-2017-12784
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198446
|
7.2 |
HIGH
Network
|
10web
|
photo_gallery
|
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in a…
|
CWE-89
SQL Injection
|
CVE-2017-12977
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198447
|
8.8 |
HIGH
Network
|
git-annex_project
|
git-annex
|
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a rel…
|
CWE-20
Improper Input Validation
|
CVE-2017-12976
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198448
|
7.5 |
HIGH
Network
|
connect2id
|
nimbus_jose\+jwt
|
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-12974
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198449
|
3.1 |
LOW
Network
|
connect2id
|
nimbus_jose\+jwt
|
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2017-12973
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198450
|
7.5 |
HIGH
Network
|
connect2id
|
nimbus_jose\+jwt
|
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authe…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-12972
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
