|
248171
|
7.8 |
HIGH
Local
|
lhaforge_project
|
lhaforge
|
Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-2288
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248172
|
7.8 |
HIGH
Local
|
sony
|
nfc_port_software_remover
|
Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-2287
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248173
|
6.1 |
MEDIUM
Network
|
silkypress
|
simple_custom_css_and_js
|
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2285
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248174
|
6.1 |
MEDIUM
Network
|
code-atlantic
|
popup_maker
|
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2284
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248175
|
8.0 |
HIGH
Adjacent
|
iodata
|
wn-g300r3_firmware
|
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-2283
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248176
|
6.8 |
MEDIUM
Adjacent
|
iodata
|
wn-ax1167gr_firmware
|
Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-2282
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248177
|
8.8 |
HIGH
Adjacent
|
iodata
|
wn-ax1167gr_firmware
|
WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2017-2281
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248178
|
8.8 |
HIGH
Adjacent
|
iodata
|
wn-ax1167gr_firmware
|
WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-2280
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248179
|
7.8 |
HIGH
Local
|
kiri
|
tween
|
Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2017-2279
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248180
|
5.9 |
MEDIUM
Network
|
iid
|
rbb_speed_test
|
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-2278
|
2024-11-21 12:23 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
