|
255601
|
5.7 |
MEDIUM
Network
|
alienvault
|
unified_security_management
|
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local d…
|
CWE-352
Origin Validation Error
|
CVE-2017-14956
|
2024-11-21 12:13 |
2017-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255602
|
9.8 |
CRITICAL
Network
|
icu-project
|
international_components_for_unicode
|
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector …
|
CWE-415
Double Free
|
CVE-2017-14952
|
2024-11-21 12:13 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255603
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack…
|
CWE-20
Improper Input Validation
|
CVE-2017-15012
|
2024-11-21 12:13 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255604
|
4.3 |
MEDIUM
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardl…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15014
|
2024-11-21 12:13 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255605
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
|
CWE-269
Improper Privilege Management
|
CVE-2017-15013
|
2024-11-21 12:13 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255606
|
6.1 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog par…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14588
|
2024-11-21 12:13 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255607
|
5.4 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14587
|
2024-11-21 12:13 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255608
|
7.5 |
HIGH
Network
|
trapezegroup
|
transitmaster
|
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is indep…
|
CWE-200
Information Exposure
|
CVE-2017-14943
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255609
|
5.6 |
MEDIUM
Local
|
qemu
|
qemu
|
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to rea…
|
CWE-362
Race Condition
|
CVE-2017-15038
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255610
|
9.8 |
CRITICAL
Network
|
flexense
|
syncbreeze
|
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14980
|
2024-11-21 12:13 |
2017-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
