888 matches found
Code injection
In Exponent CMS before 2.4.1 Patch 5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php...
CVE-2017-8085
In Exponent CMS before 2.4.1 Patch 5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php...
CVE-2017-8085
Exponent CMS before 2.4.1 Patch #5 is vulnerable to an XSS flaw in elFinder (framework/modules/file/connector/elfinder.php). The issue affects versions prior to 2.4.1 Patch #5, which fixes the vulnerability. The connected sources describe the vulnerability as a cross-...
CVE-2017-7991
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php...
SQL injection
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php...
CVE-2017-7991
Exponent CMS 2.4.1 and earlier is affected by a SQL injection in the api() function of framework/modules/eaas/controllers/eaasController.php. The root cause is lack of input validation on the apikey parameter, which is base64-encoded, URL-decoded, and unserialized (via expUnserialize) before furt...
Exponent CMS 2.4.1 SQL Injection
CVE-2017-7991-SQL injection-Exponent CMS Suggested description Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key apikey parameter in the api function of framework/modules/eaas/controllers/eaasController.php. ------------------------------------------ Additional...
Exponent CMS 2.4.1 SQL Injection Vulnerability
Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection vulnerability. CVE-2017-7991-SQL injection-Exponent CMS Suggested description Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key apikey parameter in the api function of...
CVE-2017-7601
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...
Code injection
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...
DEBIAN-CVE-2017-7601
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...
UBUNTU-CVE-2017-7601
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image...