|
249691
|
5.9 |
MEDIUM
Network
|
presentcast_inc
|
tver
|
The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte…
|
CWE-200
Information Exposure
|
CVE-2017-2105
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249692
|
5.9 |
MEDIUM
Network
|
k-opticom_corporation
|
business_lala_call
|
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio…
|
CWE-200
Information Exposure
|
CVE-2017-2104
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249693
|
5.9 |
MEDIUM
Network
|
k-opticom_corporation
|
lala_call
|
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c…
|
CWE-200
Information Exposure
|
CVE-2017-2103
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249694
|
8.8 |
HIGH
Network
|
ipa
|
appgoat
|
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of admini…
|
CWE-352
Origin Validation Error
|
CVE-2017-2102
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249695
|
7.3 |
HIGH
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2017-2101
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249696
|
6.3 |
MEDIUM
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-2100
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249697
|
6.3 |
MEDIUM
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-2099
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249698
|
6.5 |
MEDIUM
Network
|
cubecart
|
cubecart
|
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2017-2098
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249699
|
8.8 |
HIGH
Network
|
support-project
|
knowledge
|
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2017-2097
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249700
|
9.8 |
CRITICAL
Network
|
smalruby
|
smalruby-editor
|
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2017-2096
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
