|
253091
|
7.8 |
HIGH
Local
|
rapid7
|
appspider_pro
|
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current w…
|
CWE-426
Untrusted Search Path
|
CVE-2017-5236
|
2024-11-21 12:27 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253092
|
9.1 |
CRITICAL
Network
|
technicolor
|
dpc3928sl_firmware
|
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c34…
|
NVD-CWE-noinfo
|
CVE-2017-5135
|
2024-11-21 12:27 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253093
|
7.5 |
HIGH
Network
|
netiq
novell
|
edirectory
imanager
|
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the de…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-5186
|
2024-11-21 12:27 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253094
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5191
|
2024-11-21 12:27 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253095
|
5.3 |
MEDIUM
Network
|
aveva
|
wonderware_intouch_access_anywhere
|
An Inadequate Encryption Strength issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The software will connect via Transport Layer Security witho…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-5160
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253096
|
9.8 |
CRITICAL
Network
|
aveva
|
wonderware_intouch_access_anywhere
|
An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parame…
|
CWE-200
Information Exposure
|
CVE-2017-5158
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253097
|
8.8 |
HIGH
Network
|
aveva
|
wonderware_intouch_access_anywhere
|
A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will…
|
CWE-352
Origin Validation Error
|
CVE-2017-5156
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253098
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5183
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253099
|
3.1 |
LOW
Network
|
netiq
|
access_manager
|
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to …
|
CWE-200
Information Exposure
|
CVE-2017-5190
|
2024-11-21 12:27 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253100
|
3.5 |
LOW
Network
|
splunk
|
splunk
|
Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 a…
|
CWE-200
Information Exposure
|
CVE-2017-5607
|
2024-11-21 12:27 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
