|
248201
|
9.8 |
CRITICAL
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2017-8303
|
2024-11-21 12:33 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248202
|
8.8 |
HIGH
Network
|
atlassian
|
hipchat_server
|
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-8080
|
2024-11-21 12:33 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248203
|
5.9 |
MEDIUM
Network
|
watchguard
|
panda_mobile_security
|
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-8060
|
2024-11-21 12:33 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248204
|
8.1 |
HIGH
Network
|
foxitsoftware
|
foxit_pdf
|
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-8059
|
2024-11-21 12:33 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248205
|
5.9 |
MEDIUM
Network
|
atlassian
|
hipchat
|
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent du…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-8058
|
2024-11-21 12:33 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248206
|
5.9 |
MEDIUM
Network
|
wordpress
|
wordpress
|
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?ac…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-8295
|
2024-11-21 12:33 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248207
|
3.8 |
LOW
Local
|
xen
novell
suse
|
xen
suse_linux_enterprise_point_of_sale
openstack_cloud
manager_proxy
manager
suse_linux_enterprise_server
|
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in th…
|
CWE-200
Information Exposure
|
CVE-2017-7995
|
2024-11-21 12:33 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248208
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-8112
|
2024-11-21 12:33 |
2017-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248209
|
6.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors inv…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-8086
|
2024-11-21 12:33 |
2017-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248210
|
8.8 |
HIGH
Adjacent
|
360fly
|
4k_camera_firmware
|
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a…
|
CWE-287
Improper Authentication
|
CVE-2017-8403
|
2024-11-21 12:33 |
2017-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
