| 252131 | 6.1 | MEDIUM Network | blogotext_project | blogotext | Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for examp… | CWE-79 Cross-site Scripting | CVE-2017-14957 | 2024-11-21 12:13 | 2017-10-2 |
| 252132 | 5.9 | MEDIUM Network | checkmk | checkmk | Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GU… | CWE-200 Information Exposure, CWE-362 Race Condition | CVE-2017-14955 | 2024-11-21 12:13 | 2017-10-2 |
| 252133 | 5.5 | MEDIUM Local | linux | linux_kernel | The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass… | CWE-200 Information Exposure | CVE-2017-14954 | 2024-11-21 12:13 | 2017-10-2 |
| 252134 | 6.5 | MEDIUM Network | jaspersoft | jasperreports | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and rea… | CWE-200 Information Exposure | CVE-2017-14941 | 2024-11-21 12:13 | 2017-10-2 |
| 252135 | 7.5 | HIGH Adjacent | philips | hue_bridge_bsb002_firmware | Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obta… | CWE-326 Inadequate Encryption Strength | CVE-2017-14797 | 2024-11-21 12:13 | 2017-10-1 |
| 252136 | 7.8 | HIGH Local | artifex | gsview | Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-14947 | 2024-11-21 12:13 | 2017-09-30 |
| 252137 | 7.8 | HIGH Local | artifex | gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Bra… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-14946 | 2024-11-21 12:13 | 2017-09-30 |
| 252138 | 7.8 | HIGH Local | artifex | gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at K… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-14945 | 2024-11-21 12:13 | 2017-09-30 |
| 252139 | 7.5 | HIGH Network | inedo | proget | Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | CWE-20 Improper Input Validation | CVE-2017-14944 | 2024-11-21 12:13 | 2017-09-30 |
| 252140 | 9.8 | CRITICAL Network | intelbras | wrn_150_firmware | Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin… | CWE-552 Files or Directories Accessible to External Parties | CVE-2017-14942 | 2024-11-21 12:13 | 2017-09-30 |