|
251021
|
7.5 |
HIGH
Network
|
php debian canonical netapp
|
php debian_linux ubuntu_linux storage_automation_store clustered_data_ontap
|
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16642
|
2024-11-21 12:16 |
2017-11-8 |
|
251022
|
7.2 |
HIGH
Network
|
cacti
|
cacti
|
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
|
CWE-78
OS Command
|
CVE-2017-16641
|
2024-11-21 12:16 |
2017-11-8 |
|
251023
|
9.8 |
CRITICAL
Network
|
vde_project
|
vde
|
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16638
|
2024-11-21 12:16 |
2017-11-7 |
|
251024
|
4.4 |
MEDIUM
Local
|
perfect-privacy
|
vpn_manager
|
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdva…
|
CWE-20
Improper Input Validation
|
CVE-2017-16637
|
2024-11-21 12:16 |
2017-11-7 |
|
251025
|
5.4 |
MEDIUM
Network
|
bludit
|
bludit
|
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validatio…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16636
|
2024-11-21 12:16 |
2017-11-7 |
|
251026
|
5.4 |
MEDIUM
Network
|
tinywebgallery
|
tinywebgallery
|
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend acce…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16635
|
2024-11-21 12:16 |
2017-11-7 |
|
251027
|
8.8 |
HIGH
Network
|
keystonejs
|
keystone
|
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests th…
|
CWE-352
Origin Validation Error
|
CVE-2017-16570
|
2024-11-21 12:16 |
2017-11-6 |
|
251028
|
4.8 |
MEDIUM
Network
|
zurmo
|
zurmo_crm
|
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
|
CWE-601
Open Redirect
|
CVE-2017-16569
|
2024-11-21 12:16 |
2017-11-6 |
|
251029
|
8.8 |
HIGH
Network
|
grandstream
|
ht802_firmware
|
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arb…
|
CWE-352
Origin Validation Error
|
CVE-2017-16565
|
2024-11-21 12:16 |
2017-11-6 |
|
251030
|
5.4 |
MEDIUM
Network
|
grandstream
|
ht802_firmware
|
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16564
|
2024-11-21 12:16 |
2017-11-6 |