|
252321
|
4.7 |
MEDIUM
Local
|
phusion
debian
|
passenger
debian_linux
|
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the co…
|
CWE-200
Information Exposure
|
CVE-2017-16355
|
2024-11-21 12:16 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252322
|
8.8 |
HIGH
Network
|
sap
|
sap_kernel
|
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established t…
|
CWE-287
Improper Authentication
|
CVE-2017-16689
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252323
|
5.3 |
MEDIUM
Network
|
sap
|
hana_database
|
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid use…
|
CWE-200
Information Exposure
|
CVE-2017-16687
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252324
|
6.1 |
MEDIUM
Network
|
sap
|
business_warehouse_universal_data_integration
|
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16685
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252325
|
9.8 |
CRITICAL
Network
|
sap
|
business_intelligence_promotion_management_application
|
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
|
CWE-287
Improper Authentication
|
CVE-2017-16684
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252326
|
6.5 |
MEDIUM
Network
|
sap
|
businessobjects
|
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
|
NVD-CWE-noinfo
|
CVE-2017-16683
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252327
|
7.2 |
HIGH
Network
|
sap
|
netweaver_internet_transaction_server
business_application_software_integrated_solution
|
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be execute…
|
CWE-94
Code Injection
|
CVE-2017-16682
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252328
|
6.1 |
MEDIUM
Network
|
sap
|
business_intelligence_promotion_management_application
|
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16681
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252329
|
6.1 |
MEDIUM
Network
|
sap
|
sap_kernel
|
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45…
|
CWE-601
Open Redirect
|
CVE-2017-16679
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252330
|
4.7 |
MEDIUM
Network
|
sap
|
netweaver_knowledge_management_configuration_service
epbc2
epbc
kmc-bc
|
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attack…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16678
|
2024-11-21 12:16 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
