|
257861
|
9.8 |
CRITICAL
Network
|
opwglobal
|
sitesentinel_isite_atg_firmware
sitesentinel_integra_500_firmware
sitesentinel_integra_100_firmware
|
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the fol…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-12733
|
2024-11-21 12:10 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257862
|
9.8 |
CRITICAL
Network
|
opwglobal
|
sitesentinel_isite_atg_firmware
sitesentinel_integra_500_firmware
sitesentinel_integra_100_firmware
|
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older…
|
CWE-89
SQL Injection
|
CVE-2017-12731
|
2024-11-21 12:10 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257863
|
7.1 |
HIGH
Local
|
azeotech
|
daqfactory
|
An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with m…
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-12699
|
2024-11-21 12:10 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257864
|
5.5 |
MEDIUM
Local
|
mp3gain
|
mp3gain
|
The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12912
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257865
|
5.5 |
MEDIUM
Local
|
mp3gain
|
mp3gain
|
The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12911
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257866
|
6.1 |
MEDIUM
Network
|
nexusphp_project
|
nexusphp
|
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12906
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257867
|
8.8 |
HIGH
Network
|
nexusphp_project
|
nexusphp
|
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add …
|
CWE-352
Origin Validation Error
|
CVE-2017-12838
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257868
|
6.1 |
MEDIUM
Network
|
djangoproject
|
django
|
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12794
|
2024-11-21 12:10 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257869
|
7.5 |
HIGH
Network
|
simplesamlphp
debian
|
infocard_module
debian_linux
|
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
|
CWE-20
Improper Input Validation
|
CVE-2017-12874
|
2024-11-21 12:10 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257870
|
9.8 |
CRITICAL
Network
|
simplesamlphp
debian
|
simplesamlphp
debian_linux
|
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID genera…
|
CWE-384
Session Fixation
|
CVE-2017-12873
|
2024-11-21 12:10 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
