|
254581
|
7.5 |
HIGH
Network
|
teampass
|
teampass
|
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerabi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-15054
|
2024-11-21 12:14 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254582
|
4.9 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the applicatio…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15053
|
2024-11-21 12:14 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254583
|
4.9 |
MEDIUM
Network
|
teampass
|
teampass
|
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or m…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15052
|
2024-11-21 12:14 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254584
|
5.4 |
MEDIUM
Network
|
teampass
|
teampass
|
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15051
|
2024-11-21 12:14 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254585
|
8.1 |
HIGH
Network
|
redhat
|
openstack_platform
|
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authenticati…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-15114
|
2024-11-21 12:14 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254586
|
6.1 |
MEDIUM
Network
|
theforeman
redhat
|
foreman
satellite
satellite_capsule
|
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends…
|
-
|
CVE-2017-15100
|
2024-11-21 12:14 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254587
|
9.8 |
CRITICAL
Network
|
mit
|
kerberos_5
|
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15088
|
2024-11-21 12:14 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254588
|
3.7 |
LOW
Network
|
norton
|
install_norton_security
|
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pu…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-15528
|
2024-11-21 12:14 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254589
|
6.5 |
MEDIUM
Network
|
postgresql
debian
|
postgresql
debian_linux
|
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits …
|
CWE-200
Information Exposure
|
CVE-2017-15099
|
2024-11-21 12:14 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254590
|
8.1 |
HIGH
Network
|
postgresql
debian
|
postgresql
debian_linux
|
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can cr…
|
CWE-200
Information Exposure
|
CVE-2017-15098
|
2024-11-21 12:14 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
