53948 matches found
ROOT-OS-UBUNTU-2204-CVE-2017-13693 CVE-2017-13693 in rootio-linux - Patched by Root
Root has patched CVE-2017-13693 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2017-13165 CVE-2017-13165 in rootio-linux - Patched by Root
Root has patched CVE-2017-13165 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2017-0537 CVE-2017-0537 in rootio-linux - Patched by Root
Root has patched CVE-2017-0537 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18517 info: name: Pinterest by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues...
WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
Shortcodes Ultimate plugin before 5.0.1 for WordPress contains a remote code execution caused by a filter in meta, post, or user shortcode, letting remote attackers execute arbitrary code, exploit requires sending crafted shortcode data. id: CVE-2017-18580 info: name: WordPress Shortcodes Ultimat...
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...
WordPress Qards - Cross-Site Scripting
WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. id: CVE-2017-18598 info: name: WordPress Qards - Cross-Site Scripting author: pussycat0x severity: medium description: WordPress Qards...
Laravel <5.5.21 - Information Disclosure
Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in...
KMCIS CaseAware - Cross-Site Scripting
KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. id: CVE-2017-5631 info: name: KMCIS CaseAware - Cross-Site Scripting author: edoardottt severity: medium description: KMCIS CaseAware contains a reflected...
Ulterius Server < 1.9.5.0 - Directory Traversal
Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. id: CVE-2017-16806 info: name: Ulterius Server 1.9.5.0 - Directory Traversal author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allow...
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
Django Debug Page - Cross-Site Scripting
Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...
SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...
OpenDreambox 2.0.0 - Remote Code Execution
OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
An Open Redirect vulnerability in Odoo versions = 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL. id: CVE-2017-5871 info: name: Odoo = 8.0-20160726 & 9.0 - Open Redirect author: 1337rokudenashi severity: medium description: | An Open...
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. id: CVE-2017-3132 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddh...
Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal
Schneider Electric Pelco VideoXpert Enterprise versions 2.0 and prior contain a directory traversal caused by insufficient input validation, letting unauthorized persons view web server files, exploit requires no authentication. id: CVE-2017-9965 info: name: Schneider Electric Pelco VideoXpert...
XML-RPC Server - Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups. id: CVE-2017-11610 info: name: XML-RPC Serve...
DokuWiki - Cross-Site Scripting
DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...