16 matches found

OSV
added 2023/11/27 4:15 p.m. · 1 views

CVE-2023-49029

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file...

6.1 CVSS · 6.1 AI score
Exploits 0 · References 3

Positive Technologies
added 2023/11/27 12:0 a.m. · 3 views

PT-2023-31031 · Unknown · Smpn1Smg Absis

Name of the Vulnerable Software and Affected Versions: smpn1smg absis versions 2017-10-19 and earlier
Description: The issue allows a remote attacker to execute arbitrary code via the nama parameter in the "lock/lock.php" file. This is a Cross Site Scripting vulnerability.
Recommendations: For...

6.1 CVSS · 6.3 AI score · 0.00318 EPSS
Exploits 1 · References 5

SUSE CVE
added 2023/02/15 4:46 a.m. · 1 views

SUSE CVE-2017-7868

International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32 function...

7.5 CVSS · 9.3 AI score · 0.0104 EPSS
Exploits 0 · References 8

OSV
added 2020/04/28 5:15 p.m. · 0 views

CVE-2016-11057

Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2020/04/28 4:15 p.m. · 0 views

CVE-2016-11055

Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before...

4.3 CVSS · 5.8 AI score · 0.00165 EPSS
Exploits 0 · References 1

OSV
added 2019/12/06 3:15 a.m. · 2 views

CVE-2019-19616

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment...

4.3 CVSS · 5.9 AI score
Exploits 0 · References 1

Vulnrichment
added 2019/06/03 7:0 p.m. · 3 views

CVE-2017-14853

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...

7.4 AI score · 0.00666 EPSS
Exploits 0 · References 3

OSV
added 2018/03/14 6:29 p.m. · 0 views

CVE-2018-7533

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2017/12/06 3:29 a.m. · 2 views

ALPINE-CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure in the recv_files function in receiver.c and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings in...

9.8 CVSS · 7 AI score · 0.01156 EPSS
Exploits 0 · References 1

CNVD
added 2017/12/06 12:0 a.m. · 3 views

rsync access restriction bypass vulnerability (CNVD-2018-00212)

rsync is a data mirroring backup application for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras that synchronizes file and directory updates between two computers and uses differential encoding to reduce data transfers. A security vulnerability in...

9.8 CVSS · 6.8 AI score · 0.01156 EPSS
Exploits 0 · References 1

CNVD
added 2017/11/10 12:0 a.m. · 1 views

LibreNMS Arbitrary File Read Vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A security vulnerability exists in the installation process in versions of LibreNMS prior to 2017-08-18. A remot...

5.9 CVSS · 7 AI score · 0.00009 EPSS
Exploits 0 · References 1

NVD
added 2017/10/29 6:29 a.m. · 15 views

CVE-2017-15994

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub...

9.8 CVSS · 9.6 AI score · 0.00128 EPSS
Exploits 0 · References 3

Cvelist
added 2017/08/07 6:0 p.m. · 16 views

CVE-2017-12653

360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory...

7.6 AI score · 0.0224 EPSS
Exploits 2 · References 1

CNVD
added 2017/05/02 12:0 a.m. · 1 views

simple-file-manager Path Traversal Vulnerability

simple-file-manager is a web-based file management utility. A path traversal vulnerability exists in versions of simple-file-manager prior to 2017-04-26. An attacker could use this vulnerability to read files...

9.8 CVSS · 6.7 AI score · 0.015 EPSS
Exploits 0 · References 1

OSV
added 2017/03/07 4:59 p.m. · 2 views

CVE-2017-6509

Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php id parameter...

6.1 CVSS · 5.8 AI score · 0.0024 EPSS
Exploits 1 · References 1

Positive Technologies
added 2017/03/07 12:0 a.m. · 2 views

PT-2017-17124 · Andrzuk · Finecms

Name of the Vulnerable Software and Affected Versions: andrzuk/FineCMS versions prior to 2017-03-06
Description: The issue is related to a reflected XSS in index.php due to missing validation of the action parameter in application/classes/application.php.
Recommendations: For versions prior to...

6.1 CVSS · 5.9 AI score · 0.0024 EPSS
Exploits 1 · References 5