| 252151 | 9.8 | CRITICAL / Network | vde_project | vde | The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by … | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-16638 | 2024-11-21 12:16 | 2017-11-7 |
| 252152 | 4.4 | MEDIUM / Local | perfect-privacy | vpn_manager | In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdva… | CWE-20 Improper Input Validation | CVE-2017-16637 | 2024-11-21 12:16 | 2017-11-7 |
| 252153 | 5.4 | MEDIUM / Network | bludit | bludit | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validatio… | CWE-79 Cross-site Scripting | CVE-2017-16636 | 2024-11-21 12:16 | 2017-11-7 |
| 252154 | 5.4 | MEDIUM / Network | tinywebgallery | tinywebgallery | In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend acce… | CWE-79 Cross-site Scripting | CVE-2017-16635 | 2024-11-21 12:16 | 2017-11-7 |
| 252155 | 8.8 | HIGH / Network | keystonejs | keystone | KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests th… | CWE-352 Origin Validation Error | CVE-2017-16570 | 2024-11-21 12:16 | 2017-11-6 |
| 252156 | 4.8 | MEDIUM / Network | zurmo | zurmo_crm | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | CWE-601 Open Redirect | CVE-2017-16569 | 2024-11-21 12:16 | 2017-11-6 |
| 252157 | 8.8 | HIGH / Network | grandstream | ht802_firmware | Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arb… | CWE-352 Origin Validation Error | CVE-2017-16565 | 2024-11-21 12:16 | 2017-11-6 |
| 252158 | 5.4 | MEDIUM / Network | grandstream | ht802_firmware | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor … | CWE-79 Cross-site Scripting | CVE-2017-16564 | 2024-11-21 12:16 | 2017-11-6 |
| 252159 | 8.0 | HIGH / Network | grandstream | ht802_firmware | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | CWE-352 Origin Validation Error | CVE-2017-16563 | 2024-11-21 12:16 | 2017-11-6 |
| 252160 | 8.8 | HIGH / Network | hanwhasecurity | web_viewer | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrar… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-16524 | 2024-11-21 12:16 | 2017-11-6 |