|
251901
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15013
|
2024-11-21 12:13 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251902
|
6.1 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog par…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14588
|
2024-11-21 12:13 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251903
|
5.4 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14587
|
2024-11-21 12:13 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251904
|
7.5 |
HIGH
Network
|
trapezegroup
|
transitmaster
|
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is indep…
|
CWE-200
Information Exposure
|
CVE-2017-14943
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251905
|
5.6 |
MEDIUM
Local
|
qemu
|
qemu
|
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to rea…
|
CWE-362
Race Condition
|
CVE-2017-15038
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251906
|
9.8 |
CRITICAL
Network
|
flexense
|
syncbreeze
|
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14980
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251907
|
6.5 |
MEDIUM
Network
|
gridgain
|
gridgain
|
Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary…
|
CWE-22
Path Traversal
|
CVE-2017-14614
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251908
|
7.5 |
HIGH
Network
|
digium
|
asterisk
certified_asterisk
|
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allo…
|
CWE-200
Information Exposure
|
CVE-2017-14603
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251909
|
5.4 |
MEDIUM
Network
|
identicard
|
two-reader_controller_configuration_manager
|
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user pag…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14973
|
2024-11-21 12:13 |
2017-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251910
|
7.5 |
HIGH
Network
|
infocus
|
mondopad
|
InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file.
|
CWE-287
Improper Authentication
|
CVE-2017-14972
|
2024-11-21 12:13 |
2017-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
