CVE-2017-16950 CVSS:0.0
Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. (Last Update:2017-12-17) (Publish Update:2017-12-17)
CVE-2017-14134 CVSS:0.0
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. (Last Update:2017-12-16) (Publish Update:2017-12-16)
CVE-2017-17713 CVSS:0.0
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. (Last Update:2017-12-16) (Publish Update:2017-12-16)
CVE-2017-17714 CVSS:0.0
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. (Last Update:2017-12-16) (Publish Update:2017-12-16)
CVE-2017-17715 CVSS:0.0
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. (Last Update:2017-12-16) (Publish Update:2017-12-16)
CVE-2017-15890 CVSS:0.0
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-16788 CVSS:0.0
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-17694 CVSS:0.0
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-17695 CVSS:0.0
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-17698 CVSS:0.0
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. (Last Update:2017-12-15) (Publish Update:2017-12-15)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com