|
249241
|
6.1 |
MEDIUM
Network
|
siemens
|
ruggedcom_rox_i
|
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induc…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2687
|
2024-11-21 12:23 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249242
|
6.5 |
MEDIUM
Network
|
siemens
|
ruggedcom_rox_i
|
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive informat…
|
CWE-200
Information Exposure
|
CVE-2017-2686
|
2024-11-21 12:23 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249243
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2645
|
2024-11-21 12:23 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249244
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 3.x, XSS can occur via evidence of prior learning.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2644
|
2024-11-21 12:23 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249245
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 3.2.x, global search displays user names for unauthenticated users.
|
CWE-200
Information Exposure
|
CVE-2017-2643
|
2024-11-21 12:23 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249246
|
9.8 |
CRITICAL
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
|
CWE-89
SQL Injection
|
CVE-2017-2641
|
2024-11-21 12:23 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249247
|
7.0 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
|
CWE-362
CWE-415
Race Condition
Double Free
|
CVE-2017-2636
|
2024-11-21 12:23 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249248
|
8.8 |
HIGH
Network
|
puppet
|
mcollective-puppet-agent
|
On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next "mco…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-2290
|
2024-11-21 12:23 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249249
|
7.4 |
HIGH
Network
|
siemens
|
sinumerik_operate
sinumerik_integrate_access_mymachine\/ethernet
sinumerik_integrate_operate_client
|
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow …
|
CWE-200
Information Exposure
|
CVE-2017-2685
|
2024-11-21 12:23 |
2017-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249250
|
8.2 |
HIGH
Network
|
siemens
|
ruggedcom_network_management_software
|
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtainin…
|
CWE-79
Cross-site Scripting
|
CVE-2017-2683
|
2024-11-21 12:23 |
2017-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
