| 252071 | 5.4 | MEDIUM | Network | atlassian | fisheye crucible | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulner… | CWE-79 Cross-site Scripting | CVE-2017-14587 | 2024-11-21 12:13 | 2017-10-12 |
| 252072 | 7.5 | HIGH | Network | trapezegroup | transitmaster | Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is indep… | CWE-200 Information Exposure | CVE-2017-14943 | 2024-11-21 12:13 | 2017-10-10 |
| 252073 | 5.6 | MEDIUM | Local | qemu | qemu | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to rea… | CWE-362 Race Condition | CVE-2017-15038 | 2024-11-21 12:13 | 2017-10-10 |
| 252074 | 9.8 | CRITICAL | Network | flexense | syncbreeze | Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-14980 | 2024-11-21 12:13 | 2017-10-10 |
| 252075 | 6.5 | MEDIUM | Network | gridgain | gridgain | Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary… | CWE-22 Path Traversal | CVE-2017-14614 | 2024-11-21 12:13 | 2017-10-10 |
| 252076 | 7.5 | HIGH | Network | digium | asterisk certified_asterisk | In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allo… | CWE-200 Information Exposure | CVE-2017-14603 | 2024-11-21 12:13 | 2017-10-10 |
| 252077 | 5.4 | MEDIUM | Network | identicard | two-reader_controller_configuration_manager | IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user pag… | CWE-79 Cross-site Scripting | CVE-2017-14973 | 2024-11-21 12:13 | 2017-10-9 |
| 252078 | 7.5 | HIGH | Network | infocus | mondopad | InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. | CWE-287 Improper Authentication | CVE-2017-14972 | 2024-11-21 12:13 | 2017-10-9 |
| 252079 | 5.5 | MEDIUM | Local | infocuscorp | infocus_mondopad | Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated w… | CWE-200 Information Exposure | CVE-2017-14971 | 2024-11-21 12:13 | 2017-10-9 |
| 252080 | 5.5 | MEDIUM | Local | lame_project | lame | LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/… | CWE-125 Out-of-bounds Read | CVE-2017-15045 | 2024-11-21 12:13 | 2017-10-6 |