|
250431
|
7.8 |
HIGH
Local
|
gnu
redhat
|
glibc
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
|
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to g…
|
CWE-426
Untrusted Search Path
|
CVE-2017-16997
|
2024-11-21 12:17 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250432
|
6.1 |
MEDIUM
Network
|
urbackup
|
urbackup_server
|
Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16950
|
2024-11-21 12:17 |
2017-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250433
|
8.8 |
HIGH
Network
|
ruby-lang
debian
redhat
|
ruby
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_server_eus
enterprise_linux_server_tus
|
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument star…
|
CWE-78
OS Command
|
CVE-2017-17405
|
2024-11-21 12:17 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250434
|
5.9 |
MEDIUM
Network
|
radware
|
alteon_firmware
|
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed …
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2017-17427
|
2024-11-21 12:17 |
2017-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250435
|
5.9 |
MEDIUM
Network
|
citrix
|
application_delivery_controller_firmware
netscaler_gateway_firmware
|
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-17382
|
2024-11-21 12:17 |
2017-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250436
|
9.8 |
CRITICAL
Network
|
scubez
|
posty_readymade_classifieds
|
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
|
CWE-89
SQL Injection
|
CVE-2017-17111
|
2024-11-21 12:17 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250437
|
9.8 |
CRITICAL
Network
|
techno_-_portfolio_management_panel_project
|
techno_-_portfolio_management_panel
|
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
|
CWE-89
SQL Injection
|
CVE-2017-17110
|
2024-11-21 12:17 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250438
|
6.5 |
MEDIUM
Network
|
otrs
debian
|
otrs
debian_linux
|
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose int…
|
CWE-200
Information Exposure
|
CVE-2017-16854
|
2024-11-21 12:17 |
2017-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250439
|
8.8 |
HIGH
Network
|
otrs
debian
|
otrs
debian_linux
|
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form paramete…
|
CWE-78
OS Command
|
CVE-2017-16921
|
2024-11-21 12:17 |
2017-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250440
|
7.8 |
HIGH
Local
|
tgsoft
|
vir.it_explorer
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17473
|
2024-11-21 12:17 |
2017-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
