| 247591 | 8.1 | HIGH | Network | invisioncommunity | invision_power_board | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered b… | CWE-79 (Cross-site Scripting), CWE-200 (Information Exposure) | CVE-2017-8899 | 2024-11-21 12:34 | 2017-05-12 |
| 247592 | 9.8 | CRITICAL | Network | miniupnp_project | miniupnpd | Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2017-8798 | 2024-11-21 12:34 | 2017-05-11 |
| 247593 | 9.8 | CRITICAL | Network | veritas | backup_exec | In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of ser… | CWE-416 (Use After Free) | CVE-2017-8895 | 2024-11-21 12:34 | 2017-05-11 |
| 247594 | 6.1 | MEDIUM | Network | opentext | tempo_box | Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | CWE-79 (Cross-site Scripting) | CVE-2017-8892 | 2024-11-21 12:34 | 2017-05-11 |
| 247595 | 7.8 | HIGH | Local | sap | sapcar | SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of da… | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2017-8852 | 2024-11-21 12:34 | 2017-05-11 |
| 247596 | 5.5 | MEDIUM | Local | dropbox | lepton | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | CWE-1187 (Use of Uninitialized Resource) | CVE-2017-8891 | 2024-11-21 12:34 | 2017-05-11 |
| 247597 | 7.8 | HIGH | Local | linux, debian | linux_kernel, debian_linux | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other … | CWE-415 (Double Free) | CVE-2017-8890 | 2024-11-21 12:34 | 2017-05-11 |
| 247598 | 6.8 | MEDIUM | Physical | dolibarr | dolibarr_erp\/crm | Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | CWE-287 (Improper Authentication) | CVE-2017-8879 | 2024-11-21 12:34 | 2017-05-10 |
| 247599 | 6.5 | MEDIUM | Network | asus | rt-ac1750_firmware | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | CWE-200 (Information Exposure) | CVE-2017-8878 | 2024-11-21 12:34 | 2017-05-10 |
| 247600 | 6.5 | MEDIUM | Network | asus | rt-ac1750_firmware | ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | CWE-200 (Information Exposure) | CVE-2017-8877 | 2024-11-21 12:34 | 2017-05-10 |