|
252551
|
2.5 |
LOW
Local
|
cybozu
|
kunai
|
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
|
CWE-200
Information Exposure
|
CVE-2017-2109
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252552
|
7.8 |
HIGH
Local
|
softbank
|
primedrive_desktop_application
|
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2017-2108
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252553
|
7.8 |
HIGH
Local
|
akky
|
7-zip32.dll
|
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified …
|
CWE-426
Untrusted Search Path
|
CVE-2017-2107
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252554
|
6.1 |
MEDIUM
Network
|
webmin
|
webmin
|
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2106
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252555
|
5.9 |
MEDIUM
Network
|
presentcast_inc
|
tver
|
The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte…
|
CWE-200
Information Exposure
|
CVE-2017-2105
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252556
|
5.9 |
MEDIUM
Network
|
k-opticom_corporation
|
business_lala_call
|
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio…
|
CWE-200
Information Exposure
|
CVE-2017-2104
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252557
|
5.9 |
MEDIUM
Network
|
k-opticom_corporation
|
lala_call
|
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c…
|
CWE-200
Information Exposure
|
CVE-2017-2103
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252558
|
8.8 |
HIGH
Network
|
ipa
|
appgoat
|
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of admini…
|
CWE-352
Origin Validation Error
|
CVE-2017-2102
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252559
|
7.3 |
HIGH
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2017-2101
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252560
|
6.3 |
MEDIUM
Network
|
ipa
|
appgoat
|
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-2100
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
