CVE-2017-14764 (genixcms)

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.

Source: CVE-2017-14764 (genixcms)

CVE-2017-14765 (genixcms)

In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.

Source: CVE-2017-14765 (genixcms)

CVE-2017-14763 (genixcms)

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.

Source: CVE-2017-14763 (genixcms)

CVE-2017-14762

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.

Source: CVE-2017-14762

CVE-2017-14763

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.

Source: CVE-2017-14763

CVE-2017-14766

The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.

Source: CVE-2017-14766

CVE-2017-14765

In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.

Source: CVE-2017-14765

CVE-2017-14767

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.

Source: CVE-2017-14767

CVE-2017-14764

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.

Source: CVE-2017-14764

CVE-2017-14761

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.

Source: CVE-2017-14761