|
250871
|
8.8 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2017-16571
|
2024-11-21 12:16 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250872
|
6.5 |
MEDIUM
Network
|
meinbergglobal
|
lantime_firmware
|
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterl…
|
CWE-200
Information Exposure
|
CVE-2017-16786
|
2024-11-21 12:16 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250873
|
7.2 |
HIGH
Network
|
meinbergglobal
|
lantime_firmware
|
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users w…
|
CWE-22
Path Traversal
|
CVE-2017-16788
|
2024-11-21 12:16 |
2017-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250874
|
6.5 |
MEDIUM
Network
|
meinbergglobal
|
lantime_firmware
|
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.
|
CWE-200
Information Exposure
|
CVE-2017-16787
|
2024-11-21 12:16 |
2017-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250875
|
8.1 |
HIGH
Network
|
mckesson
|
conserus_workflow_intelligence
|
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change He…
|
NVD-CWE-noinfo
|
CVE-2017-16776
|
2024-11-21 12:16 |
2017-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250876
|
4.7 |
MEDIUM
Local
|
phusion
debian
|
passenger
debian_linux
|
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the co…
|
CWE-200
Information Exposure
|
CVE-2017-16355
|
2024-11-21 12:16 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250877
|
8.8 |
HIGH
Network
|
sap
|
sap_kernel
|
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established t…
|
CWE-287
Improper Authentication
|
CVE-2017-16689
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250878
|
5.3 |
MEDIUM
Network
|
sap
|
hana_database
|
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid use…
|
CWE-200
Information Exposure
|
CVE-2017-16687
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250879
|
6.1 |
MEDIUM
Network
|
sap
|
business_warehouse_universal_data_integration
|
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16685
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250880
|
9.8 |
CRITICAL
Network
|
sap
|
business_intelligence_promotion_management_application
|
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
|
CWE-287
Improper Authentication
|
CVE-2017-16684
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
