|
264011
|
5.5 |
MEDIUM
Local
|
redhat
|
jboss_enterprise_application_platform
|
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users …
|
CWE-200
Information Exposure
|
CVE-2017-12167
|
2024-11-21 12:08 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264012
|
6.4 |
MEDIUM
Physics
|
gnome
|
gnome_display_manager
|
A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as ano…
|
CWE-665
Improper Initialization
|
CVE-2017-12164
|
2024-11-21 12:08 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264013
|
7.1 |
HIGH
Adjacent
|
samba
redhat
debian
|
samba
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
gluster_storage
debian_linux
|
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server …
|
-
|
CVE-2017-12163
|
2024-11-21 12:08 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264014
|
8.8 |
HIGH
Network
|
opcfoundation
|
ua-.net-legacy
|
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
|
CWE-20
Improper Input Validation
|
CVE-2017-12070
|
2024-11-21 12:08 |
2018-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264015
|
7.8 |
HIGH
Local
|
opcfoundation
|
local_discovery_server
|
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users t…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-11672
|
2024-11-21 12:08 |
2018-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264016
|
7.2 |
HIGH
Network
|
synology
|
router_manager
|
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
|
CWE-77
Command Injection
|
CVE-2017-12078
|
2024-11-21 12:08 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264017
|
7.2 |
HIGH
Network
|
synology
|
diskstation_manager
|
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
|
CWE-77
Command Injection
|
CVE-2017-12075
|
2024-11-21 12:08 |
2018-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264018
|
7.5 |
HIGH
Network
|
rockwellautomation
|
micrologix_1400_b_firmware
|
An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resu…
|
CWE-200
Information Exposure
|
CVE-2017-12092
|
2024-11-21 12:08 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264019
|
8.0 |
HIGH
Adjacent
|
moxa
|
edr-810_firmware
|
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and cou…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-12129
|
2024-11-21 12:08 |
2018-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264020
|
7.5 |
HIGH
Network
|
moxa
|
edr-810_firmware
|
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An a…
|
CWE-200
Information Exposure
|
CVE-2017-12128
|
2024-11-21 12:08 |
2018-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
