|
250971
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiwlc
|
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-17539
|
2024-11-21 12:18 |
2018-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250972
|
7.5 |
HIGH
Network
|
fortinet
|
forticlient
forticlient_sslvpn_client
|
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Clie…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-17543
|
2024-11-21 12:18 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250973
|
8.8 |
HIGH
Network
|
foxitsoftware
|
phantompdf
foxit_reader
|
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the b…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17557
|
2024-11-21 12:18 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250974
|
9.8 |
CRITICAL
Network
|
openslp
debian
canonical
redhat
lenovo
|
openslp
debian_linux
ubuntu_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_eus
enterprise_linux_server_tus
enterpr…
|
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17833
|
2024-11-21 12:18 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250975
|
9.8 |
CRITICAL
Network
|
kliqqi
|
kliqqi_cms
|
SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a new story at the pligg/story.php?title= URI.
|
CWE-89
SQL Injection
|
CVE-2017-17902
|
2024-11-21 12:18 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250976
|
5.4 |
MEDIUM
Network
|
kliqqi
|
kliqqi_cms
|
Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17889
|
2024-11-21 12:18 |
2018-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250977
|
5.3 |
MEDIUM
Network
|
ruby-lang
debian
|
ruby
debian_linux
|
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTT…
|
CWE-113
HTTP Response Splitting
|
CVE-2017-17742
|
2024-11-21 12:18 |
2018-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250978
|
7.8 |
HIGH
Local
|
google
|
android
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17770
|
2024-11-21 12:18 |
2018-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250979
|
7.8 |
HIGH
Local
|
google
|
android
|
In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-02-12, an array out of bounds can occur.
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-17771
|
2024-11-21 12:18 |
2018-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250980
|
5.5 |
MEDIUM
Local
|
google
|
android
|
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.
|
CWE-200
Information Exposure
|
CVE-2017-17769
|
2024-11-21 12:18 |
2018-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
