|
250961
|
7.5 |
HIGH
Network
|
moxa
|
nport_5110_firmware
nport_5130_firmware
nport_5150_firmware
|
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 V…
|
CWE-200
Information Exposure
|
CVE-2017-16715
|
2024-11-21 12:16 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250962
|
7.8 |
HIGH
Local
|
hashicorp
|
vagrant
|
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo h…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-16777
|
2024-11-21 12:16 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250963
|
4.3 |
MEDIUM
Physics
|
sandisk
|
secureaccess
|
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2017-16560
|
2024-11-21 12:16 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250964
|
6.5 |
MEDIUM
Network
|
openstack
|
nova
|
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filte…
|
NVD-CWE-noinfo
|
CVE-2017-16239
|
2024-11-21 12:16 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250965
|
5.4 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16801
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250966
|
6.1 |
MEDIUM
Network
|
geminabox_project
|
geminabox
|
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16792
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250967
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cmsmadesimple
|
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16799
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250968
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16798
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250969
|
7.8 |
HIGH
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-16797
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250970
|
7.8 |
HIGH
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application cras…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16796
|
2024-11-21 12:16 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
