|
250161
|
8.8 |
HIGH
Network
|
embedthis
|
goahead
|
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the ma…
|
CWE-77
Command Injection
|
CVE-2017-5675
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250162
|
9.8 |
CRITICAL
Network
|
embedthis
|
goahead
|
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - …
|
CWE-200
Information Exposure
|
CVE-2017-5674
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250163
|
6.1 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using ei…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5621
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250164
|
6.1 |
MEDIUM
Network
|
zammad
|
zammad
|
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of exe…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5620
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250165
|
9.8 |
CRITICAL
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password strin…
|
CWE-287
Improper Authentication
|
CVE-2017-5619
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250166
|
9.8 |
CRITICAL
Network
|
oneplus
|
oxygenos
|
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking…
|
NVD-CWE-noinfo
|
CVE-2017-5626
|
2024-11-21 12:28 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250167
|
9.8 |
CRITICAL
Network
|
oneplus
|
oxygenos
|
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot …
|
CWE-269
Improper Privilege Management
|
CVE-2017-5624
|
2024-11-21 12:28 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250168
|
9.8 |
CRITICAL
Network
|
cambiumnetworks
|
cnpilot_r200_series_firmware
|
On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the certificate of the device and its RSA keys, aka RBN-183.
|
NVD-CWE-noinfo
|
CVE-2017-5859
|
2024-11-21 12:28 |
2017-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250169
|
7.5 |
HIGH
Network
|
unisys
|
clearpath_mcp
|
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to c…
|
CWE-20
Improper Input Validation
|
CVE-2017-5872
|
2024-11-21 12:28 |
2017-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250170
|
7.5 |
HIGH
Network
|
intel
|
quickassist_technology_engine
|
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-cha…
|
NVD-CWE-noinfo
|
CVE-2017-5681
|
2024-11-21 12:28 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
