|
251881
|
7.5 |
HIGH
Network
|
restlet
|
restlet
|
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not paramete…
|
CWE-611
XXE
|
CVE-2017-14949
|
2024-11-21 12:13 |
2017-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251882
|
7.5 |
HIGH
Network
|
restlet
|
restlet
|
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
|
CWE-611
XXE
|
CVE-2017-14868
|
2024-11-21 12:13 |
2017-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251883
|
9.0 |
CRITICAL
Network
|
atlassian
|
crucible
fisheye
|
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary cod…
|
CWE-88
Argument Injection
|
CVE-2017-14591
|
2024-11-21 12:13 |
2017-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251884
|
9.8 |
CRITICAL
Network
|
samba
redhat
debian
canonical
|
samba
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
debian_linux
ubuntu_linux
|
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
|
CWE-416
Use After Free
|
CVE-2017-14746
|
2024-11-21 12:13 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251885
|
9.8 |
CRITICAL
Network
|
atlassian
|
hipchat
|
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14586
|
2024-11-21 12:13 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251886
|
7.2 |
HIGH
Network
|
atlassian
|
hipchat_server
hipchat_data_center
|
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-14585
|
2024-11-21 12:13 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251887
|
8.8 |
HIGH
Network
|
docuware
|
fulltext_server
|
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access con…
|
NVD-CWE-noinfo
|
CVE-2017-15044
|
2024-11-21 12:13 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251888
|
7.8 |
HIGH
Local
|
ikarussecurity
|
anti.virus
|
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
|
CWE-20
Improper Input Validation
|
CVE-2017-14961
|
2024-11-21 12:13 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251889
|
8.1 |
HIGH
Network
|
kickbase
|
bundesliga_manager
|
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and passw…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-14711
|
2024-11-21 12:13 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251890
|
4.8 |
MEDIUM
Network
|
zurmo
|
zurmo_crm
|
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15039
|
2024-11-21 12:13 |
2017-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
