| 248711 | 7.5 | HIGH Network | redhat | jboss_enterprise_application_platform | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | CWE-444 HTTP Request Smuggling | CVE-2017-7561 | 2024-11-21 12:32 | 2017-09-14 |
| 248712 | 5.5 | MEDIUM Local | redhat | rhnsd | It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-7560 | 2024-11-21 12:32 | 2017-09-14 |
| 248713 | 5.4 | MEDIUM Network | fortinet | fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while c… | CWE-79 Cross-site Scripting | CVE-2017-7735 | 2024-11-21 12:32 | 2017-09-12 |
| 248714 | 5.4 | MEDIUM Network | fortinet | fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | CWE-79 Cross-site Scripting | CVE-2017-7734 | 2024-11-21 12:32 | 2017-09-12 |
| 248715 | 6.5 | MEDIUM Network | eclipse debian | mosquitto debian_linux | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that… | CWE-287 Improper Authentication | CVE-2017-7650 | 2024-11-21 12:32 | 2017-09-12 |
| 248716 | 9.8 | CRITICAL Network | eclipse | kura | The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is le… | CWE-287 Improper Authentication | CVE-2017-7649 | 2024-11-21 12:32 | 2017-09-12 |
| 248717 | 6.1 | MEDIUM Network | icewarp | server | In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | CWE-79 Cross-site Scripting | CVE-2017-7855 | 2024-11-21 12:32 | 2017-09-1 |
| 248718 | 6.5 | MEDIUM Network | riverbed | opnet_app_response_xpert | Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | CWE-22 Path Traversal | CVE-2017-7693 | 2024-11-21 12:32 | 2017-08-26 |
| 248719 | 5.9 | MEDIUM Network | osisoft | pi_data_archive | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a m… | CWE-287 Improper Authentication | CVE-2017-7934 | 2024-11-21 12:32 | 2017-08-26 |
| 248720 | 7.4 | HIGH Network | osisoft | pi_data_archive | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the… | CWE-287 Improper Authentication | CVE-2017-7930 | 2024-11-21 12:32 | 2017-08-26 |