|
253181
|
9.8 |
CRITICAL
Network
|
atlassian
|
hipchat
|
The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14586
|
2024-11-21 12:13 |
2017-11-28 |
|
253182
|
7.2 |
HIGH
Network
|
atlassian
|
hipchat_server hipchat_data_center
|
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-14585
|
2024-11-21 12:13 |
2017-11-28 |
|
253183
|
8.8 |
HIGH
Network
|
docuware
|
fulltext_server
|
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access con…
|
NVD-CWE-noinfo
|
CVE-2017-15044
|
2024-11-21 12:13 |
2017-11-21 |
|
253184
|
7.8 |
HIGH
Local
|
ikarussecurity
|
anti.virus
|
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
|
CWE-20
Improper Input Validation
|
CVE-2017-14961
|
2024-11-21 12:13 |
2017-11-16 |
|
253185
|
8.1 |
HIGH
Network
|
kickbase
|
bundesliga_manager
|
The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and passw…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-14711
|
2024-11-21 12:13 |
2017-11-13 |
|
253186
|
4.8 |
MEDIUM
Network
|
zurmo
|
zurmo_crm
|
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15039
|
2024-11-21 12:13 |
2017-11-6 |
|
253187
|
6.5 |
MEDIUM
Network
|
docker
|
docker
|
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause …
|
CWE-20
Improper Input Validation
|
CVE-2017-14992
|
2024-11-21 12:13 |
2017-11-2 |
|
253188
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14752
|
2024-11-21 12:13 |
2017-11-1 |
|
253189
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 makin…
|
CWE-20
Improper Input Validation
|
CVE-2017-14919
|
2024-11-21 12:13 |
2017-10-31 |
|
253190
|
7.5 |
HIGH
Network
|
saltstack
|
salt
|
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
|
CWE-20
Improper Input Validation
|
CVE-2017-14696
|
2024-11-21 12:13 |
2017-10-25 |