|
251091
|
7.3 |
HIGH
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-17845
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251092
|
6.5 |
MEDIUM
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relyin…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-17844
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251093
|
5.9 |
MEDIUM
Network
|
enigmail
debian
|
enigmail
debian_linux
|
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of…
|
NVD-CWE-noinfo
|
CVE-2017-17843
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251094
|
7.8 |
HIGH
Local
|
open-iscsi_project
|
open-iscsi
|
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to la…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17840
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251095
|
5.4 |
MEDIUM
Network
|
serverscheck
|
monitoring_software
|
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, …
|
CWE-79
Cross-site Scripting
|
CVE-2017-17832
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251096
|
7.5 |
HIGH
Network
|
samsung
|
internet_browser
|
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the …
|
CWE-200
Information Exposure
|
CVE-2017-17692
|
2024-11-21 12:18 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251097
|
8.8 |
HIGH
Network
|
git_large_file_storage_project
|
git_large_file_storage
|
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within …
|
CWE-20
Improper Input Validation
|
CVE-2017-17831
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251098
|
6.8 |
MEDIUM
Network
|
doditsolutions
|
bus_booking_script
|
Bus Booking Script has CSRF via admin/new_master.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-17830
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251099
|
7.2 |
HIGH
Network
|
doditsolutions
|
bus_booking_script
|
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17829
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251100
|
4.8 |
MEDIUM
Network
|
doditsolutions
|
busbooking-script
|
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17828
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
