|
251541
|
7.4 |
HIGH
Local
|
arqbackup
|
arq
|
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
|
CWE-362 CWE-59
Race Condition Link Following
|
CVE-2017-15357
|
2024-11-21 12:14 |
2017-12-2 |
|
251542
|
9.8 |
CRITICAL
Network
|
inedo
|
otter
|
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
|
CWE-22
Path Traversal
|
CVE-2017-15607
|
2024-11-21 12:14 |
2017-12-1 |
|
251543
|
5.5 |
MEDIUM
Local
|
linux redhat
|
linux_kernel enterprise_linux
|
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15116
|
2024-11-21 12:14 |
2017-12-1 |
|
251544
|
7.2 |
HIGH
Network
|
cs-cart
|
cs-cart
|
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-15673
|
2024-11-21 12:14 |
2017-11-29 |
|
251545
|
7.5 |
HIGH
Network
|
samba redhat debian canonical
|
samba enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server debian_linux ubuntu_linux
|
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15275
|
2024-11-21 12:14 |
2017-11-28 |
|
251546
|
8.1 |
HIGH
Network
|
teampass
|
teampass
|
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, e…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15055
|
2024-11-21 12:14 |
2017-11-28 |
|
251547
|
7.5 |
HIGH
Network
|
teampass
|
teampass
|
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerabi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-15054
|
2024-11-21 12:14 |
2017-11-28 |
|
251548
|
4.9 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the applicatio…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15053
|
2024-11-21 12:14 |
2017-11-28 |
|
251549
|
4.9 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or m…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15052
|
2024-11-21 12:14 |
2017-11-28 |
|
251550
|
5.4 |
MEDIUM
Network
|
teampass
|
teampass
|
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15051
|
2024-11-21 12:14 |
2017-11-28 |
|