CVE-2017-1000496

Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...

Code injection

Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...

CVE-2017-1000496

Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code...

[SECURITY] Fedora 26 Update: phpMyAdmin-4.7.7-1.fc26

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

GitLab: GitHub import allows user to create child group under existing namespace

When importing a GitHub repository on GitLab, a request is made to /import/github. The user is allowed to pass along a target namespace where they want to add the repository. In this process, the code will create the namespace if it doesn't exist already. However, this can be used to create a...

WordPress Easy2Map plugin path traversal vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL server set up a personal blog site. easy2Map is one of the support to create a customized Google Maps plugin. A path traversal vulnerability exists in...

CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...

CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...

CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...

DEBIAN-CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...

CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...

CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in loadimage in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data...

CVE-2017-17784

CVE-2017-17784 affects GIMP 2.8.22 with a heap-based buffer over-read in the gbr import parser (load_image) caused by mishandling UTF-8 data. The connected documents corroborate the specific component and nature of the bug, and multiple advisories report the issue across various distributions (e....

WordPress CSV Import-Export 1.1 Cross Site Scripting

Product: CSV Import-Export Wordpress Plugin - https://wordpress.org/plugins/csv-import-export/ Vendor: eSparkBiz Tested version: 1.1 CVE ID: CVE-2017-17753 CVE description Multiple cross-site scripting XSS vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote...

WordPress CSV Import-Export 1.1 Cross Site Scripting Vulnerability

WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability. Product: CSV Import-Export Wordpress Plugin - https://wordpress.org/plugins/csv-import-export/ Vendor: eSparkBiz Tested version: 1.1 CVE ID: CVE-2017-17753 CVE description Multiple cross-site scripti...

Wordpress esb-csv-import-export plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . esb-csv-import-export plugin is used in one of the plug-ins for importing and exporting CSV files . A...

WordPress CSV Import-Export plugin <=1.1.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities found in WordPress CSV Import-Export plugin versions =1.1.0. Solution Dec 20, 2017 - we were unable to find a patched version of this plugin last updated three years ago. Uninstall or use it at your own risk...

CVE-2017-17753

Multiple cross-site scripting XSS vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 cietype, 2 cieimport, 3 cieupdate, or 4 cieignore parameter to includes/admin/views/esb-cie-import-export-page.ph...

CVE-2017-17753

The CVE-2017-17753 entry concerns the WordPress plugin esb-csv-import-export (versions up to 1.1). The vulnerability is an XSS in includes/admin/views/esb-cie-import-export-page.php where the GET parameters cie_type, cie_import, cie_update, and cie_ignore are echoed back to the user without prope...

Csv Import-Export <= 1.1 - Authenticated Cross-Site Scripting (XSS)

The csv-import-export WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...