|
247781
|
5.4 |
MEDIUM
Network
|
fortinet
|
fortiweb
|
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special cra…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7736
|
2024-11-21 12:32 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247782
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
enterprise_linux_server
|
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive infor…
|
-
|
CVE-2017-7550
|
2024-11-21 12:32 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247783
|
8.8 |
HIGH
Network
|
d-link
|
dcs-936l
|
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
|
CWE-352
Origin Validation Error
|
CVE-2017-7851
|
2024-11-21 12:32 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247784
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortios
|
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7739
|
2024-11-21 12:32 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247785
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortios
|
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7733
|
2024-11-21 12:32 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247786
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortimail
|
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attack…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7732
|
2024-11-21 12:32 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247787
|
7.5 |
HIGH
Network
|
apache
|
mesos
|
When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the co…
|
NVD-CWE-noinfo
|
CVE-2017-7687
|
2024-11-21 12:32 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247788
|
6.1 |
MEDIUM
Network
|
redhat
|
mobile_application_platform
|
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Ap…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7554
|
2024-11-21 12:32 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247789
|
6.3 |
MEDIUM
Network
|
redhat
|
mobile_application_platform
|
The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpo…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-7553
|
2024-11-21 12:32 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247790
|
9.8 |
CRITICAL
Network
|
redhat
|
mobile_application_platform
|
A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to …
|
NVD-CWE-noinfo
|
CVE-2017-7552
|
2024-11-21 12:32 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
