NVD List
Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
---|---|---|---|---|---|---|---|---|---|
86635 | CVE-2017-7314 | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available. | 2 | 5 | Medium | 2017-06-17 | 2017-06-14 | View | |
86634 | CVE-2017-7313 | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required. | 2 | 5 | Medium | 2017-06-17 | 2017-06-14 | View | |
86633 | CVE-2017-7312 | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords). | 2 | 7.5 | High | 2017-06-17 | 2017-06-14 | View | |
84061 | CVE-2017-7310 | A buffer overflow vulnerability in Import Command in Sync Breeze Enterprise Client 9.5.16, Disk Sorter Enterprise Client 9.5.12, and DiskBoss Enterprise Client 7.8.16 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element. | 2 | 6.8 | Medium | 2017-04-27 | 2017-04-03 | View | |
84795 | CVE-2017-7309 | A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3. | 2 | 3.5 | Low | 2017-07-18 | 2017-07-11 | View |
Page 280 of 17672, showing 5 records out of 88360 total, starting on record 1396, ending on 1400