| 247631 | 8.8 | HIGH, Network | unitrends | enterprise_backup | An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the c… | CWE-287 Improper Authentication | CVE-2017-7284 | 2024-11-21 12:31 | 2017-04-13 |
| 247632 | 8.8 | HIGH, Network | unitrends | enterprise_backup | An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows fo… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-7281 | 2024-11-21 12:31 | 2017-04-13 |
| 247633 | 9.8 | CRITICAL, Network | unitrends | enterprise_backup | An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code… | CWE-20 Improper Input Validation | CVE-2017-7280 | 2024-11-21 12:31 | 2017-04-13 |
| 247634 | 9.8 | CRITICAL, Network | unitrends | enterprise_backup | An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login. | CWE-565 Reliance on Cookies without Validation and Integrity Checking | CVE-2017-7279 | 2024-11-21 12:31 | 2017-04-13 |
| 247635 | 9.8 | CRITICAL, Network | intellinet-network | nfc-30ir_firmware | Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory. | CWE-22 Path Traversal; CWE-798 Use of Hard-coded Credentials | CVE-2017-7462 | 2024-11-21 12:31 | 2017-04-12 |
| 247636 | 4.9 | MEDIUM, Network | intellinet-network | nfc-30ir_firmware | Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a v… | CWE-22 Path Traversal | CVE-2017-7461 | 2024-11-21 12:31 | 2017-04-12 |
| 247637 | 6.0 | MEDIUM, Local | qemu, debian | qemu, debian_linux | The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumpti… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-7377 | 2024-11-21 12:31 | 2017-04-11 |
| 247638 | 5.3 | MEDIUM, Network | netapp | clustered_data_ontap | NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service t… | CWE-200 Information Exposure | CVE-2017-7345 | 2024-11-21 12:31 | 2017-04-11 |
| 247639 | 9.8 | CRITICAL, Network | ninka_project | ninka | Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename. | CWE-74 Injection | CVE-2017-7239 | 2024-11-21 12:31 | 2017-04-11 |
| 247640 | 7.5 | HIGH, Network | cesanta | mongoose_embedded_web_server_library, mongoose_os | Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows r… | CWE-416 Use After Free | CVE-2017-7185 | 2024-11-21 12:31 | 2017-04-11 |