|
247131
|
5.9 |
MEDIUM
Network
|
oneplus
|
oxygenos
|
An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-8851
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247132
|
5.9 |
MEDIUM
Network
|
oneplus
|
oxygenos
|
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers c…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-8850
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247133
|
9.8 |
CRITICAL
Network
|
invisioncommunity
|
invision_power_board
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack use…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8898
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247134
|
6.1 |
MEDIUM
Network
|
invisioncommunity
|
invision_power_board
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8897
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247135
|
8.1 |
HIGH
Network
|
invisioncommunity
|
invision_power_board
|
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered b…
|
CWE-79
CWE-200
Cross-site Scripting
Information Exposure
|
CVE-2017-8899
|
2024-11-21 12:34 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247136
|
9.8 |
CRITICAL
Network
|
miniupnp_project
|
miniupnpd
|
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8798
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247137
|
9.8 |
CRITICAL
Network
|
veritas
|
backup_exec
|
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of ser…
|
CWE-416
Use After Free
|
CVE-2017-8895
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247138
|
6.1 |
MEDIUM
Network
|
opentext
|
tempo_box
|
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8892
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247139
|
7.8 |
HIGH
Local
|
sap
|
sapcar
|
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of da…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8852
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247140
|
5.5 |
MEDIUM
Local
|
dropbox
|
lepton
|
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.
|
CWE-1187
Use of Uninitialized Resource
|
CVE-2017-8891
|
2024-11-21 12:34 |
2017-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
