|
248251
|
7.3 |
HIGH
Local
|
eduiq
|
net_monitor_for_employees
|
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privi…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-7180
|
2024-11-21 12:31 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248252
|
7.5 |
HIGH
Network
|
personify
|
personify360_e-business
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
|
CWE-287
Improper Authentication
|
CVE-2017-7314
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248253
|
7.5 |
HIGH
Network
|
personify
|
personify360_e-business
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other wor…
|
CWE-200
Information Exposure
|
CVE-2017-7313
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248254
|
9.8 |
CRITICAL
Network
|
personifycorp
|
personify360
|
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and…
|
CWE-269
Improper Privilege Management
|
CVE-2017-7312
|
2024-11-21 12:31 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248255
|
6.1 |
MEDIUM
Network
|
flipbuilder
|
flip_pdf
|
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7384
|
2024-11-21 12:31 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248256
|
6.1 |
MEDIUM
Network
|
contiki-os
|
contiki
|
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7296
|
2024-11-21 12:31 |
2017-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248257
|
7.5 |
HIGH
Network
|
contiki-os
|
contiki
|
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structur…
|
CWE-416
Use After Free
|
CVE-2017-7295
|
2024-11-21 12:31 |
2017-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248258
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiportal
|
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
|
CWE-601
Open Redirect
|
CVE-2017-7343
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248259
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiportal
|
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add R…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7339
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248260
|
7.5 |
HIGH
Network
|
fortinet
|
fortiportal
|
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
|
CWE-200
Information Exposure
|
CVE-2017-7338
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
