|
255511
|
9.8 |
CRITICAL
Network
|
opwglobal
|
sitesentinel_isite_atg_firmware
sitesentinel_integra_500_firmware
sitesentinel_integra_100_firmware
|
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older…
|
CWE-89
SQL Injection
|
CVE-2017-12731
|
2024-11-21 12:10 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255512
|
7.1 |
HIGH
Local
|
azeotech
|
daqfactory
|
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with m…
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-12699
|
2024-11-21 12:10 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255513
|
5.5 |
MEDIUM
Local
|
mp3gain
|
mp3gain
|
The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12912
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255514
|
5.5 |
MEDIUM
Local
|
mp3gain
|
mp3gain
|
The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12911
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255515
|
6.1 |
MEDIUM
Network
|
nexusphp_project
|
nexusphp
|
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12906
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255516
|
8.8 |
HIGH
Network
|
nexusphp_project
|
nexusphp
|
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add …
|
CWE-352
Origin Validation Error
|
CVE-2017-12838
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255517
|
6.1 |
MEDIUM
Network
|
djangoproject
|
django
|
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12794
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255518
|
7.5 |
HIGH
Network
|
simplesamlphp
debian
|
infocard_module
debian_linux
|
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
|
CWE-20
Improper Input Validation
|
CVE-2017-12874
|
2024-11-21 12:10 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255519
|
9.8 |
CRITICAL
Network
|
simplesamlphp
debian
|
simplesamlphp
debian_linux
|
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID genera…
|
CWE-384
Session Fixation
|
CVE-2017-12873
|
2024-11-21 12:10 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255520
|
5.9 |
MEDIUM
Network
|
simplesamlphp
debian
|
simplesamlphp
debian_linux
|
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by l…
|
CWE-200
Information Exposure
|
CVE-2017-12872
|
2024-11-21 12:10 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
