|
253411
|
9.8 |
CRITICAL
Network
|
dlink
|
dgs-1500_firmware
|
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-15909
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253412
|
5.3 |
MEDIUM
Network
|
openbsd
oracle
debian
netapp
redhat
|
openssh
sun_zfs_storage_appliance_kit
debian_linux
cloud_backup
data_ontap_edge
steelstore_cloud_integrated_storage
clustered_data_ontap
solidfire
hci_management_node
activ…
|
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-15906
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253413
|
6.1 |
MEDIUM
Network
|
axis
|
2100_network_camera_firmware
|
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE:…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15885
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253414
|
4.8 |
MEDIUM
Network
|
keystonejs
|
keystone
|
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" fi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15881
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253415
|
7.2 |
HIGH
Network
|
eyesofnetwork
|
eyesofnetwork
|
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name paramet…
|
CWE-89
SQL Injection
|
CVE-2017-15880
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253416
|
8.8 |
HIGH
Network
|
keystonejs
|
keystone
|
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a …
|
CWE-20
Improper Input Validation
|
CVE-2017-15879
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253417
|
6.1 |
MEDIUM
Network
|
keystonejs
|
keystone
|
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15878
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253418
|
5.5 |
MEDIUM
Local
|
busybox
|
busybox
|
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-15874
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253419
|
5.5 |
MEDIUM
Local
|
busybox
debian
canonical
|
busybox
debian_linux
ubuntu_linux
|
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-15873
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253420
|
4.8 |
MEDIUM
Network
|
phpwcms
|
phpwcms
|
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15872
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
