|
256751
|
7.8 |
HIGH
Local
|
freesshd
|
freesshd
|
FreeSSHd version 1.3.1 is vulnerable to an unquoted service path, allowing local users to launch processes with elevated privileges.
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-1000475
|
2024-11-21 12:04 |
2018-01-24 |
|
256752
|
5.3 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000417
|
2024-11-21 12:04 |
2018-01-23 |
|
256753
|
5.3 |
MEDIUM
Network
|
axtls_project
|
axtls
|
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.
|
CWE-193
Off-by-one Error
|
CVE-2017-1000416
|
2024-11-21 12:04 |
2018-01-23 |
|
256754
|
6.1 |
MEDIUM
Network
|
flatcore
|
flatcore-cms
|
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-A…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000428
|
2024-11-21 12:04 |
2018-01-10 |
|
256755
|
5.4 |
MEDIUM
Network
|
sulu
|
sulu-standard
|
Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting within the page creation page, which can result in disruption of service and execution of JavaScript code.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000465
|
2024-11-21 12:04 |
2018-01-10 |
|
256756
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000429
|
2024-11-21 12:04 |
2018-01-10 |
|
256757
|
5.9 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (dela…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000415
|
2024-11-21 12:04 |
2018-01-10 |
|
256758
|
9.8 |
CRITICAL
Network
|
codehaus-plexus debian
|
plexus-utils debian_linux
|
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
|
CWE-78
OS Command
|
CVE-2017-1000487
|
2024-11-21 12:04 |
2018-01-4 |
|
256759
|
9.8 |
CRITICAL
Network
|
primetek
|
primefaces
|
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-1000486
|
2024-11-21 12:04 |
2018-01-4 |
|
256760
|
7.8 |
HIGH
Local
|
nylas_mail_lives_project
|
nylas_mail
|
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000485
|
2024-11-21 12:04 |
2018-01-4 |