| 250231 | 9.8 | CRITICAL Network | fiberhome | lm53q1_firmware | The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure … | CWE-275 Permission Issues | CVE-2017-16887 | 2024-11-21 12:17 | 2018-01-13 |
| 250232 | 8.8 | HIGH Network | fiberhome | lm53q1_firmware | The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an… | CWE-352 Origin Validation Error | CVE-2017-16886 | 2024-11-21 12:17 | 2018-01-13 |
| 250233 | 9.8 | CRITICAL Network | fiberhome | lm53q1_firmware | Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to l… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-16885 | 2024-11-21 12:17 | 2018-01-13 |
| 250234 | 6.1 | MEDIUM Network | atlassian | jira | The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. | CWE-79 Cross-site Scripting | CVE-2017-16864 | 2024-11-21 12:17 | 2018-01-12 |
| 250235 | 4.3 | MEDIUM Network | atlassian | jira | The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. | CWE-352 Origin Validation Error | CVE-2017-16862 | 2024-11-21 12:17 | 2018-01-12 |
| 250236 | 6.1 | MEDIUM Network | paloaltonetworks | pan-os | Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspe… | CWE-79 Cross-site Scripting | CVE-2017-16878 | 2024-11-21 12:17 | 2018-01-11 |
| 250237 | 8.1 | HIGH Network | duolingo | tinycards | The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in… | CWE-94 Code Injection | CVE-2017-16905 | 2024-11-21 12:17 | 2018-01-5 |
| 250238 | 9.8 | CRITICAL Network | gps-server | gps_tracking_software | The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled … | CWE-94 Code Injection | CVE-2017-17098 | 2024-11-21 12:17 | 2018-01-3 |
| 250239 | 9.8 | CRITICAL Network | gps-server | gps_tracking_software | gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-17097 | 2024-11-21 12:17 | 2018-01-3 |
| 250240 | 4.8 | MEDIUM Network | webmin | webmin | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | CWE-79 Cross-site Scripting | CVE-2017-17089 | 2024-11-21 12:17 | 2017-12-31 |