63870 matches found
WordPress < 4.8.2 - Authenticated Open Redirect
WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites, exploit requires access to admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...
Node.js <8.6.0 - Directory Traversal
Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules. id: CVE-2017-14849 info: name: Node.js 8.6.0 - Directory Traversal author: RandomRobbie severity: high...
WordPress Qards - Cross-Site Scripting
WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. id: CVE-2017-18598 info: name: WordPress Qards - Cross-Site Scripting author: pussycat0x severity: medium description: WordPress Qards...
Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication. id: CVE-2017-9965 info: name: Schneider Electric Pelco VideoXpert...
Apache Tomcat - Remote Code Execution
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...
PhpColl 2.5.1 Arbitrary File Upload
PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/ via clients/editclient.php. id: CVE-2017-6090 info: name: PhpColl 2.5.1 Arbitrary File Uplo...
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests. id: CVE-2017-1000028 info: name: Oracle GlassFish Server Open Source Edition 4.1 - Loc...
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 router is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication and download the router configuration file by manipulating the admin:language cookie. id: CVE-2017-14942 info: name: Intelbras WRN 150 - Authentication Bypass author:...
BOA Web Server 0.94.14 - Arbitrary File Access
BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...
CVE-2017-7253
creationtimestamp| type| source ---|---|--- 2026-07-09 15:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7vx533e625...
CVE-2017-2850
creationtimestamp| type| source ---|---|--- 2026-07-09 14:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7slsxo272m...
CVE-2017-2848
creationtimestamp| type| source ---|---|--- 2026-07-09 13:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7pakb55i2o...
CVE-2017-2847
creationtimestamp| type| source ---|---|--- 2026-07-09 12:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7nkvy5hh2s...
CVE-2017-2846
creationtimestamp| type| source ---|---|--- 2026-07-09 12:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7lvbi36e2o...
CVE-2017-2845
creationtimestamp| type| source ---|---|--- 2026-07-09 11:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7k7ms5iz2n...
CVE-2017-2844
creationtimestamp| type| source ---|---|--- 2026-07-09 11:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq7ijxgciu25...
CVE-2017-10681
creationtimestamp| type| source ---|---|--- 2026-07-09 01:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq6ioq5lgo2s...
CVE-2017-10680
creationtimestamp| type| source ---|---|--- 2026-07-09 01:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq6gz3iouu25...
CVE-2017-10678
creationtimestamp| type| source ---|---|--- 2026-07-09 00:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq6fdh2sxx2f...