|
256551
|
6.1 |
MEDIUM
Network
|
watchguard
|
fireware
|
An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be con…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14615
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256552
|
7.8 |
HIGH
Local
|
bareos
|
bareos
|
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary pro…
|
CWE-665
Improper Initialization
|
CVE-2017-14610
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256553
|
7.8 |
HIGH
Local
|
kannel
|
kannel
|
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to thi…
|
CWE-665
Improper Initialization
|
CVE-2017-14609
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256554
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
|
CWE-90
LDAP Injection
|
CVE-2017-14596
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256555
|
3.7 |
LOW
Network
|
joomla
|
joomla\!
|
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
|
NVD-CWE-noinfo
|
CVE-2017-14595
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256556
|
9.1 |
CRITICAL
Network
|
libraw
|
libraw
|
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14608
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256557
|
8.1 |
HIGH
Network
|
imagemagick
debian
canonical
|
imagemagick
debian_linux
ubuntu_linux
|
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memo…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14607
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256558
|
6.5 |
MEDIUM
Network
|
gnome
debian
|
nautilus
debian_linux
|
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file…
|
CWE-20
Improper Input Validation
|
CVE-2017-14604
|
2024-11-21 12:13 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256559
|
7.5 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
|
NVD-CWE-noinfo
|
CVE-2017-14581
|
2024-11-21 12:13 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256560
|
4.9 |
MEDIUM
Network
|
pragyan_cms_project
|
pragyan_cms
|
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
|
CWE-89
SQL Injection
|
CVE-2017-14601
|
2024-11-21 12:13 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
