|
252051
|
9.0 |
CRITICAL
Network
|
atlassian
|
crucible
fisheye
|
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary cod…
|
CWE-88
Argument Injection
|
CVE-2017-14591
|
2024-11-21 12:13 |
2017-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252052
|
9.8 |
CRITICAL
Network
|
samba
redhat
debian
canonical
|
samba
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
debian_linux
ubuntu_linux
|
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
|
CWE-416
Use After Free
|
CVE-2017-14746
|
2024-11-21 12:13 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252053
|
9.8 |
CRITICAL
Network
|
atlassian
|
hipchat
|
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14586
|
2024-11-21 12:13 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252054
|
7.2 |
HIGH
Network
|
atlassian
|
hipchat_server
hipchat_data_center
|
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-14585
|
2024-11-21 12:13 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252055
|
8.8 |
HIGH
Network
|
docuware
|
fulltext_server
|
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access con…
|
NVD-CWE-noinfo
|
CVE-2017-15044
|
2024-11-21 12:13 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252056
|
7.8 |
HIGH
Local
|
ikarussecurity
|
anti.virus
|
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
|
CWE-20
Improper Input Validation
|
CVE-2017-14961
|
2024-11-21 12:13 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252057
|
8.1 |
HIGH
Network
|
kickbase
|
bundesliga_manager
|
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and passw…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-14711
|
2024-11-21 12:13 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252058
|
4.8 |
MEDIUM
Network
|
zurmo
|
zurmo_crm
|
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15039
|
2024-11-21 12:13 |
2017-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252059
|
6.5 |
MEDIUM
Network
|
docker
|
docker
|
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause …
|
CWE-20
Improper Input Validation
|
CVE-2017-14992
|
2024-11-21 12:13 |
2017-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252060
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14752
|
2024-11-21 12:13 |
2017-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
