Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-16733 1 Ecava 1 Integraxor 2025-04-20 N/A
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
CVE-2017-16735 1 Ecava 1 Integraxor 2025-04-20 N/A
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
CVE-2017-16754 1 Boltcms 1 Bolt 2025-04-20 N/A
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
CVE-2017-16757 1 Hola 1 Vpn 2025-04-20 N/A
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.
CVE-2017-16758 1 Ultimate Instagram Feed Project 1 Ultimate Instagram Feed 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.
CVE-2017-16759 1 Librenms 1 Librenms 2025-04-20 N/A
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
CVE-2017-16760 1 Inedo 1 Buildmaster 2025-04-20 N/A
Inedo BuildMaster before 5.8.2 has XSS.
CVE-2017-16761 1 Inedo 1 Buildmaster 2025-04-20 N/A
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
CVE-2017-16763 1 Confire Project 1 Confire 2025-04-20 N/A
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVE-2017-16764 1 Django Make App Project 1 Django Make App 2025-04-20 9.8 Critical
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
CVE-2017-16765 1 Dlink 2 Dwr-933, Dwr-933 Firmware 2025-04-20 6.1 Medium
XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.
CVE-2017-16766 1 Synology 1 Diskstation Manager 2025-04-20 N/A
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVE-2017-16768 1 Synology 1 Mailplus Server 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
CVE-2017-16776 1 Mckesson 1 Conserus Workflow Intelligence 2025-04-20 N/A
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.
CVE-2017-16777 1 Hashicorp 1 Vagrant 2025-04-20 N/A
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
CVE-2017-1678 1 Ibm 1 Rational Doors Next Generation 2025-04-20 N/A
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134000.
CVE-2017-16780 1 Mybb 1 Mybb 2025-04-20 N/A
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2017-16781 1 Mybb 1 Mybb 2025-04-20 N/A
The installer in MyBB before 1.8.13 has XSS.
CVE-2017-16782 1 Home-assistant 1 Home-assistant 2025-04-20 N/A
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
CVE-2017-16783 1 Cmsmadesimple 1 Cms Made Simple 2025-04-20 9.8 Critical
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.