|
255551
|
7.8 |
HIGH
Local
|
akky
|
7-zip32.dll
|
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified …
|
CWE-426
Untrusted Search Path
|
CVE-2017-2107
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255552
|
6.1 |
MEDIUM
Network
|
webmin
|
webmin
|
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2106
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255553
|
5.9 |
MEDIUM
Network
|
presentcast_inc
|
tver
|
The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte…
|
CWE-200
Information Exposure
|
CVE-2017-2105
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255554
|
5.9 |
MEDIUM
Network
|
k-opticom_corporation
|
business_lala_call
|
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio…
|
CWE-200
Information Exposure
|
CVE-2017-2104
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255555
|
5.9 |
MEDIUM
Network
|
k-opticom_corporation
|
lala_call
|
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c…
|
CWE-200
Information Exposure
|
CVE-2017-2103
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255556
|
8.8 |
HIGH
Network
|
ipa
|
appgoat
|
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of admini…
|
CWE-352
Origin Validation Error
|
CVE-2017-2102
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255557
|
7.3 |
HIGH
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2017-2101
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255558
|
6.3 |
MEDIUM
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-2100
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255559
|
6.3 |
MEDIUM
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-2099
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255560
|
6.5 |
MEDIUM
Network
|
cubecart
|
cubecart
|
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2017-2098
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
