|
249101
|
9.8 |
CRITICAL
Network
|
sap
|
trex
|
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
|
CWE-94
Code Injection
|
CVE-2017-7691
|
2024-11-21 12:32 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249102
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
homelynk_controller_lss100100_firmware
|
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
|
CWE-77
Command Injection
|
CVE-2017-7689
|
2024-11-21 12:32 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249103
|
6.1 |
MEDIUM
Network
|
auromeera
|
emli
|
Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7621
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249104
|
8.1 |
HIGH
Network
|
foscam
|
fi9800xe
r2
c1
fi9826p
c1_lite
fi9903p
fi9928p
fi9853ep
fi9851p
c2
fi9901ep
fi9828p
|
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging kn…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-7648
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249105
|
8.8 |
HIGH
Network
|
solarwinds
|
log_\&_event_manager
|
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
|
NVD-CWE-noinfo
|
CVE-2017-7647
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249106
|
6.5 |
MEDIUM
Network
|
solarwinds
|
log_\&_event_manager
|
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
|
CWE-200
Information Exposure
|
CVE-2017-7646
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249107
|
9.8 |
CRITICAL
Network
|
fiyo
|
fiyo_cms
|
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
|
CWE-94
Code Injection
|
CVE-2017-7625
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249108
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-7624
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249109
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7623
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249110
|
8.8 |
HIGH
Network
|
deepin
|
deepin_desktop_environment
|
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Any…
|
CWE-862
Missing Authorization
|
CVE-2017-7622
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
