ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000483 | 1 Plone | 1 Plone | 2024-11-21 | N/A |
| Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. | ||||
| CVE-2017-1000482 | 1 Plone | 1 Plone | 2024-11-21 | N/A |
| A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page. | ||||
| CVE-2017-1000481 | 1 Plone | 1 Plone | 2024-11-21 | N/A |
| When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix. | ||||
| CVE-2017-1000480 | 1 Smarty | 1 Smarty | 2024-11-21 | N/A |
| Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | ||||
| CVE-2017-1000479 | 2 Netgate, Opnsense Project | 2 Pfsense, Opnsense | 2024-11-21 | N/A |
| pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions. | ||||
| CVE-2017-1000478 | 1 Elabftw | 1 Elabftw | 2024-11-21 | N/A |
| ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | ||||
| CVE-2017-1000477 | 1 Xmlbundle Project | 1 Xmlbundle | 2024-11-21 | N/A |
| XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. | ||||
| CVE-2017-1000476 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | N/A |
| ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | ||||
| CVE-2017-1000475 | 1 Freesshd | 1 Freesshd | 2024-11-21 | N/A |
| FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | ||||
| CVE-2017-1000474 | 1 Vehicle Sales Management System Project | 1 Vehicle Sales Management System | 2024-11-21 | N/A |
| Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing. | ||||
| CVE-2017-1000473 | 1 Linux-dash Project | 1 Linux-dash | 2024-11-21 | N/A |
| Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | ||||
| CVE-2017-1000472 | 2 Debian, Pocoproject | 2 Debian Linux, Poco | 2024-11-21 | N/A |
| The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | ||||
| CVE-2017-1000471 | 1 Embedthis | 1 Goahead | 2024-11-21 | N/A |
| EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. | ||||
| CVE-2017-1000470 | 1 Embedthis | 1 Goahead Web Server | 2024-11-21 | N/A |
| EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service. | ||||
| CVE-2017-1000469 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | N/A |
| Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | ||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2024-11-21 | N/A |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | ||||
| CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2024-11-21 | N/A |
| Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | ||||
| CVE-2017-1000465 | 1 Sulu | 1 Sulu-standard | 2024-11-21 | N/A |
| Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code. | ||||
| CVE-2017-1000463 | 1 Leafpub | 1 Leafpub | 2024-11-21 | N/A |
| Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code. | ||||
| CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | N/A |
| BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. | ||||