|
250391
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16945
|
2024-11-21 12:17 |
2018-02-1 |
|
250392
|
7.8 |
HIGH
Local
|
haystacksoftware
|
arq
|
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/bl…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16928
|
2024-11-21 12:17 |
2018-02-1 |
|
250393
|
6.8 |
MEDIUM
Network
|
atlassian
|
crowd
|
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST reque…
|
CWE-287
Improper Authentication
|
CVE-2017-16858
|
2024-11-21 12:17 |
2018-01-31 |
|
250394
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit t…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2017-17407
|
2024-11-21 12:17 |
2018-01-23 |
|
250395
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The speci…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-17406
|
2024-11-21 12:17 |
2018-01-23 |
|
250396
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
|
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16863
|
2024-11-21 12:17 |
2018-01-19 |
|
250397
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
|
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an env…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16865
|
2024-11-21 12:17 |
2018-01-17 |
|
250398
|
5.5 |
MEDIUM
Local
|
k7computing
|
antivirus internet_security ultimate_security endpoint total_security
|
In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sendi…
|
CWE-20
Improper Input Validation
|
CVE-2017-17429
|
2024-11-21 12:17 |
2018-01-17 |
|
250399
|
9.8 |
CRITICAL
Network
|
fiberhome
|
lm53q1_firmware
|
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure …
|
CWE-275
Permission Issues
|
CVE-2017-16887
|
2024-11-21 12:17 |
2018-01-13 |
|
250400
|
8.8 |
HIGH
Network
|
fiberhome
|
lm53q1_firmware
|
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an…
|
CWE-352
Origin Validation Error
|
CVE-2017-16886
|
2024-11-21 12:17 |
2018-01-13 |