|
252431
|
7.4 |
HIGH
Network
|
microfocus
|
project_and_portfolio_management
|
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.
|
NVD-CWE-noinfo
|
CVE-2017-14361
|
2024-11-21 12:12 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252432
|
6.1 |
MEDIUM
Network
|
dell
|
2355dn_firmware
2335dn_firmware
|
The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vuln…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14386
|
2024-11-21 12:12 |
2017-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252433
|
9.8 |
CRITICAL
Network
|
dell
|
storage_manager
|
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially d…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14374
|
2024-11-21 12:12 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252434
|
7.8 |
HIGH
Local
|
microfocus
|
connected_backup
|
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
|
NVD-CWE-noinfo
|
CVE-2017-14355
|
2024-11-21 12:12 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252435
|
6.1 |
MEDIUM
Network
|
sap
|
businessobjects_financial_consolidation
|
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14516
|
2024-11-21 12:12 |
2017-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252436
|
9.1 |
CRITICAL
Network
|
ohmibod
|
ohmibod_remote
|
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, use…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2017-14487
|
2024-11-21 12:12 |
2017-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252437
|
7.5 |
HIGH
Network
|
vibease
|
chat
wireless_remote_vibrator
|
The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease se…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-14486
|
2024-11-21 12:12 |
2017-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252438
|
8.8 |
HIGH
Network
|
squiz
|
matrix
|
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously cra…
|
CWE-94
Code Injection
|
CVE-2017-14198
|
2024-11-21 12:12 |
2017-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252439
|
6.1 |
MEDIUM
Network
|
squiz
|
matrix
|
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14197
|
2024-11-21 12:12 |
2017-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252440
|
7.5 |
HIGH
Network
|
squiz
|
matrix
|
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files …
|
CWE-22
Path Traversal
|
CVE-2017-14196
|
2024-11-21 12:12 |
2017-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
