CVE-2017-14842

Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.

Source: CVE-2017-14842

CVE-2017-14847

Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.

Source: CVE-2017-14847

CVE-2017-14844

Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

Source: CVE-2017-14844

CVE-2017-14849

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

Source: CVE-2017-14849

CVE-2017-14840

TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.

Source: CVE-2017-14840

CVE-2017-1577

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

Source: CVE-2017-1577

CVE-2017-14843

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

Source: CVE-2017-14843

CVE-2017-1591

IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Source: CVE-2017-1591

CVE-2017-1483

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.

Source: CVE-2017-1483

CVE-2017-2551

Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.

Source: CVE-2017-2551