Total
2004 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18735 | 1 Netgear | 12 Jr6150, Jr6150 Firmware, Pr2000 and 9 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4. | ||||
| CVE-2017-18734 | 1 Netgear | 26 Jnr1010, Jnr1010 Firmware, Jr6150 and 23 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. | ||||
| CVE-2017-18652 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017). | ||||
| CVE-2017-18634 | 1 Tagdiv | 1 Newspaper | 2024-11-21 | 9.8 Critical |
| The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | ||||
| CVE-2017-18605 | 1 Gravitatedesign | 1 Gravitate Qa Tracker | 2024-11-21 | 9.8 Critical |
| The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection. | ||||
| CVE-2017-18604 | 1 Sitebuilder Dynamic Components Project | 1 Sitebuilder Dynamic Components | 2024-11-21 | 7.5 High |
| The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request. | ||||
| CVE-2017-18583 | 1 Post Pay Counter Project | 1 Post Pay Counter | 2024-11-21 | N/A |
| The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. | ||||
| CVE-2017-18437 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | ||||
| CVE-2017-18389 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | ||||
| CVE-2017-18387 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | ||||
| CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | ||||
| CVE-2017-18266 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Xdg-utils | 2024-11-21 | N/A |
| The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. | ||||
| CVE-2017-18049 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | N/A |
| In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page. | ||||
| CVE-2017-16043 | 1 Shout Project | 1 Shout | 2024-11-21 | 6.1 Medium |
| Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3. | ||||
| CVE-2017-15714 | 1 Apache | 1 Ofbiz | 2024-11-21 | N/A |
| The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute. | ||||
| CVE-2017-14523 | 1 Wondercms | 1 Wondercms | 2024-11-21 | N/A |
| WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack | ||||
| CVE-2017-14094 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | N/A |
| A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system. | ||||
| CVE-2017-10963 | 1 Samsung | 2 Knox Enterprise Mobility Management, Knox Identity Access Management | 2024-11-21 | N/A |
| In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world. | ||||
| CVE-2017-1000493 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A |
| Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | ||||
| CVE-2017-1000454 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | ||||