|
250171
|
7.5 |
HIGH
Network
|
syspass
|
syspass
|
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() fu…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-5999
|
2024-11-21 12:28 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250172
|
8.0 |
HIGH
Network
|
d-link
|
di-524_firmware
|
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (…
|
CWE-352
Origin Validation Error
|
CVE-2017-5633
|
2024-11-21 12:28 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250173
|
6.5 |
MEDIUM
Network
|
owncloud
|
owncloud
|
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a o…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-5867
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250174
|
4.3 |
MEDIUM
Network
|
owncloud
|
owncloud
|
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensit…
|
CWE-200
Information Exposure
|
CVE-2017-5866
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250175
|
3.7 |
LOW
Network
|
owncloud
|
owncloud
|
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is v…
|
CWE-200
Information Exposure
|
CVE-2017-5865
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250176
|
7.5 |
HIGH
Network
|
libimobiledevice
|
libplist
|
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an inv…
|
CWE-415
Double Free
|
CVE-2017-5836
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250177
|
7.5 |
HIGH
Network
|
libimobiledevice
|
libplist
|
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-5835
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250178
|
5.5 |
MEDIUM
Local
|
libimobiledevice
|
libplist
|
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5834
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250179
|
6.1 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via un…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5833
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250180
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5832
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
