Show filters
732 Total Results
Displaying 521-530 of 732
Sort by:
Attacker Value
Unknown

CVE-2017-7255

Disclosure Date: March 24, 2017 (last updated February 15, 2024)
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack.
0
0
Attacker Value
Unknown

CVE-2017-7257

Disclosure Date: March 24, 2017 (last updated February 15, 2024)
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
0
0
Attacker Value
Unknown

CVE-2017-6335

Disclosure Date: March 14, 2017 (last updated November 26, 2024)
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
0
0
Attacker Value
Unknown

CVE-2017-6555

Disclosure Date: March 09, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
0
0
Attacker Value
Unknown

CVE-2017-6556

Disclosure Date: March 09, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
0
0
Attacker Value
Unknown

CVE-2016-9830

Disclosure Date: March 01, 2017 (last updated November 26, 2024)
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
0
0
Attacker Value
Unknown

CVE-2016-5240

Disclosure Date: February 27, 2017 (last updated November 08, 2023)
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
0
0
Attacker Value
Unknown

CVE-2017-6070

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
0
0
Attacker Value
Unknown

CVE-2017-6072

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
0
0
Attacker Value
Unknown

CVE-2017-6071

Disclosure Date: February 21, 2017 (last updated November 26, 2024)
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >