|
258191
|
7.8 |
HIGH
Local
|
hashicorp
|
vagrant
|
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo h…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-16777
|
2024-11-21 12:16 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258192
|
4.3 |
MEDIUM
Physics
|
sandisk
|
secureaccess
|
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2017-16560
|
2024-11-21 12:16 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258193
|
6.5 |
MEDIUM
Network
|
openstack
|
nova
|
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filte…
|
NVD-CWE-noinfo
|
CVE-2017-16239
|
2024-11-21 12:16 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258194
|
5.4 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16801
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258195
|
6.1 |
MEDIUM
Network
|
geminabox_project
|
geminabox
|
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16792
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258196
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cmsmadesimple
|
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16799
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258197
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16798
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258198
|
7.8 |
HIGH
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-16797
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258199
|
7.8 |
HIGH
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application cras…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16796
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258200
|
5.5 |
MEDIUM
Local
|
swftools
|
swftools
|
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-b…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16794
|
2024-11-21 12:16 |
2017-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
