CVE-2017-15890 CVSS:0.0
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-16788 CVSS:0.0
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-17694 CVSS:0.0
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-17695 CVSS:0.0
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-17698 CVSS:0.0
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. (Last Update:2017-12-15) (Publish Update:2017-12-15)
CVE-2017-5264 CVSS:0.0
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. (Last Update:2017-12-14) (Publish Update:2017-12-14)
CVE-2017-1421 CVSS:0.0
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. (Last Update:2017-12-14) (Publish Update:2017-12-13)
CVE-2017-1546 CVSS:0.0
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. (Last Update:2017-12-14) (Publish Update:2017-12-13)
CVE-2017-17567 CVSS:0.0
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17569 CVSS:0.0
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. (Last Update:2017-12-13) (Publish Update:2017-12-13)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com