|
251371
|
9.8 |
CRITICAL
Network
|
protectedlinks
|
expiring_download_links
|
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
|
CWE-89
SQL Injection
|
CVE-2017-15977
|
2024-11-21 12:15 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251372
|
5.4 |
MEDIUM
Network
|
synology
|
audio_station
|
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15888
|
2024-11-21 12:15 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251373
|
7.5 |
HIGH
Network
|
watchdogdevelopment
|
anti-malware
online_security_pro
|
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15921
|
2024-11-21 12:15 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251374
|
7.5 |
HIGH
Network
|
watchdogdevelopment
|
anti-malware
online_security_pro
|
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15920
|
2024-11-21 12:15 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251375
|
7.2 |
HIGH
Network
|
eyesofnetwork
|
eyesofnetwork
|
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capaci…
|
CWE-89
SQL Injection
|
CVE-2017-16000
|
2024-11-21 12:15 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251376
|
9.8 |
CRITICAL
Network
|
nq
|
contacts_backup_\&_restore
|
In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with a…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-15999
|
2024-11-21 12:15 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251377
|
7.5 |
HIGH
Network
|
nq
|
contacts_backup_\&_restore
|
In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cle…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-15998
|
2024-11-21 12:15 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251378
|
7.8 |
HIGH
Local
|
nq
|
contacts_backup_\&_restore
|
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attac…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-15997
|
2024-11-21 12:15 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251379
|
7.8 |
HIGH
Local
|
gnu
|
binutils
|
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that trig…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15996
|
2024-11-21 12:15 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251380
|
9.8 |
CRITICAL
Network
|
samba
|
rsync
|
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has signi…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2017-15994
|
2024-11-21 12:15 |
2017-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
