|
246821
|
6.1 |
MEDIUM
Network
|
apache
|
sling_servlets_post
|
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially craf…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9802
|
2024-11-21 12:36 |
2017-08-14 |
|
246822
|
9.8 |
CRITICAL
Network
|
apache
|
subversion
|
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be ge…
|
CWE-20
Improper Input Validation
|
CVE-2017-9800
|
2024-11-21 12:36 |
2017-08-12 |
|
246823
|
5.4 |
MEDIUM
Network
|
synology
|
video_station
|
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the titl…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9556
|
2024-11-21 12:36 |
2017-08-12 |
|
246824
|
8.8 |
HIGH
Network
|
apache
|
storm
|
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to…
|
NVD-CWE-noinfo
|
CVE-2017-9799
|
2024-11-21 12:36 |
2017-08-10 |
|
246825
|
7.5 |
HIGH
Network
|
apache
|
commons_email
|
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
|
CWE-20
Improper Input Validation
|
CVE-2017-9801
|
2024-11-21 12:36 |
2017-08-8 |
|
246826
|
7.5 |
HIGH
Network
|
sma
|
sunny_explorer
|
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the ven…
|
NVD-CWE-noinfo
|
CVE-2017-9851
|
2024-11-21 12:36 |
2017-08-6 |
|
246827
|
5.5 |
MEDIUM
Local
|
razerzone
|
razer_synapse
|
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9770
|
2024-11-21 12:36 |
2017-08-3 |
|
246828
|
9.8 |
CRITICAL
Network
|
razer
|
synapse
|
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
|
NVD-CWE-noinfo
|
CVE-2017-9769
|
2024-11-21 12:36 |
2017-08-3 |
|
246829
|
6.1 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9467
|
2024-11-21 12:36 |
2017-08-3 |
|
246830
|
6.1 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attacke…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9459
|
2024-11-21 12:36 |
2017-08-3 |