|
246881
|
7.5 |
HIGH
Network
|
synology
|
diskstation_manager
|
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.
|
NVD-CWE-noinfo
|
CVE-2017-9553
|
2024-11-21 12:36 |
2017-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246882
|
7.5 |
HIGH
Network
|
subsonic
|
subsonic
|
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change password…
|
CWE-352
Origin Validation Error
|
CVE-2017-9415
|
2024-11-21 12:36 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246883
|
9.8 |
CRITICAL
Network
|
nancyfx
|
nancy
|
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-9785
|
2024-11-21 12:36 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246884
|
8.1 |
HIGH
Network
|
genivia
|
gsoap
|
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denia…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-9765
|
2024-11-21 12:36 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246885
|
6.1 |
MEDIUM
Network
|
metinfo
|
metinfo
|
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9764
|
2024-11-21 12:36 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246886
|
6.1 |
MEDIUM
Network
|
kaspersky
|
anti-virus_for_linux_server
|
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9813
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246887
|
7.5 |
HIGH
Network
|
kaspersky
|
anti-virus_for_linux_server
|
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.31…
|
CWE-200
Information Exposure
|
CVE-2017-9812
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246888
|
9.8 |
CRITICAL
Network
|
kaspersky
|
anti-virus_for_linux_server
|
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine rea…
|
CWE-20
Improper Input Validation
|
CVE-2017-9811
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246889
|
8.8 |
HIGH
Network
|
kaspersky
|
anti-virus_for_linux_server
|
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacke…
|
CWE-352
Origin Validation Error
|
CVE-2017-9810
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246890
|
7.8 |
HIGH
Local
|
alpinelinux
|
alpine_linux
|
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax h…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9671
|
2024-11-21 12:36 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
