|
248091
|
9.8 |
CRITICAL
Network
|
codextrous
|
b2j_contact
|
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.
|
CWE-20
Improper Input Validation
|
CVE-2017-5215
|
2024-11-21 12:27 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248092
|
7.5 |
HIGH
Network
|
codextrous
|
b2j_contact
|
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploade…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2017-5214
|
2024-11-21 12:27 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248093
|
9.8 |
CRITICAL
Network
|
mozilla
|
network_security_services
|
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-5461
|
2024-11-21 12:27 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248094
|
6.5 |
MEDIUM
Network
|
tibco
|
spotfire_server
spotfire_analytics_platform_for_aws
|
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier cont…
|
CWE-89
SQL Injection
|
CVE-2017-5527
|
2024-11-21 12:27 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248095
|
8.8 |
HIGH
Network
|
trendmicro
|
officescan
|
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
|
CWE-200
Information Exposure
|
CVE-2017-5481
|
2024-11-21 12:27 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248096
|
7.5 |
HIGH
Network
|
rapid7
|
appspider_pro
|
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of servi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5240
|
2024-11-21 12:27 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248097
|
7.8 |
HIGH
Local
|
rapid7
|
appspider_pro
|
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current w…
|
CWE-426
Untrusted Search Path
|
CVE-2017-5236
|
2024-11-21 12:27 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248098
|
9.1 |
CRITICAL
Network
|
technicolor
|
dpc3928sl_firmware
|
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c34…
|
NVD-CWE-noinfo
|
CVE-2017-5135
|
2024-11-21 12:27 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248099
|
7.5 |
HIGH
Network
|
netiq
novell
|
edirectory
imanager
|
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the de…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-5186
|
2024-11-21 12:27 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248100
|
6.1 |
MEDIUM
Network
|
netiq
|
access_manager
|
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5191
|
2024-11-21 12:27 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
