|
254721
|
9.0 |
CRITICAL
Network
|
articatech
|
artica_proxy
|
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
|
CWE-78
OS Command
|
CVE-2017-17055
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254722
|
6.1 |
MEDIUM
Network
|
mistserver
|
mistserver
|
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16884
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254723
|
6.1 |
MEDIUM
Network
|
wpmailster
|
wp_mailster
|
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17451
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254724
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended ac…
|
CWE-862
Missing Authorization
|
CVE-2017-17450
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254725
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net…
|
CWE-200
Information Exposure
|
CVE-2017-17449
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254726
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended acces…
|
CWE-862
Missing Authorization
|
CVE-2017-17448
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254727
|
6.5 |
MEDIUM
Network
|
game-music-emu_project
|
game-music-emu
|
The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a deni…
|
CWE-681
Incorrect Conversion between Numeric Types
|
CVE-2017-17446
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254728
|
7.5 |
HIGH
Network
|
auth0
|
auth0.js
|
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke servi…
|
CWE-200
Information Exposure
|
CVE-2017-17068
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254729
|
8.8 |
HIGH
Adjacent
|
vaulteksafe
|
vt20i_firmware
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials adv…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-17436
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254730
|
8.8 |
HIGH
Adjacent
|
vaulteksafe
|
vt20i_firmware
|
An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phon…
|
CWE-287
Improper Authentication
|
CVE-2017-17435
|
2024-11-21 12:17 |
2017-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
