| 250401 | 9.8 | CRITICAL Network | fiberhome | lm53q1_firmware | Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to l… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-16885 | 2024-11-21 12:17 | 2018-01-13 |
| 250402 | 6.1 | MEDIUM Network | atlassian | jira | The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter. | CWE-79 Cross-site Scripting | CVE-2017-16864 | 2024-11-21 12:17 | 2018-01-12 |
| 250403 | 4.3 | MEDIUM Network | atlassian | jira | The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability. | CWE-352 Origin Validation Error | CVE-2017-16862 | 2024-11-21 12:17 | 2018-01-12 |
| 250404 | 6.1 | MEDIUM Network | paloaltonetworks | pan-os | Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspe… | CWE-79 Cross-site Scripting | CVE-2017-16878 | 2024-11-21 12:17 | 2018-01-11 |
| 250405 | 8.1 | HIGH Network | duolingo | tinycards | The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in… | CWE-94 Code Injection | CVE-2017-16905 | 2024-11-21 12:17 | 2018-01-5 |
| 250406 | 9.8 | CRITICAL Network | gps-server | gps_tracking_software | The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled … | CWE-94 Code Injection | CVE-2017-17098 | 2024-11-21 12:17 | 2018-01-3 |
| 250407 | 9.8 | CRITICAL Network | gps-server | gps_tracking_software | gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-17097 | 2024-11-21 12:17 | 2018-01-3 |
| 250408 | 4.8 | MEDIUM Network | webmin | webmin | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | CWE-79 Cross-site Scripting | CVE-2017-17089 | 2024-11-21 12:17 | 2017-12-31 |
| 250409 | 6.1 | MEDIUM Network | mistune_project fedoraproject | mistune fedora | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape t… | CWE-79 Cross-site Scripting | CVE-2017-16876 | 2024-11-21 12:17 | 2017-12-30 |
| 250410 | 7.8 | HIGH Local | sony | content_manager_assistant | Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified dire… | CWE-426 Untrusted Search Path | CVE-2017-17010 | 2024-11-21 12:17 | 2017-12-28 |