|
248381
|
8.8 |
HIGH
Network
|
apache
|
openmeetings
|
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
|
CWE-352 CWE-79
Origin Validation Error Cross-site Scripting
|
CVE-2017-7666
|
2024-11-21 12:32 |
2017-07-17 |
|
248382
|
10.0 |
CRITICAL
Network
|
apache
|
openmeetings
|
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
|
CWE-611
XXE
|
CVE-2017-7664
|
2024-11-21 12:32 |
2017-07-17 |
|
248383
|
6.1 |
MEDIUM
Network
|
apache
|
openmeetings
|
Both global and room chat are vulnerable to XSS attacks in Apache OpenMeetings 3.2.0.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7663
|
2024-11-21 12:32 |
2017-07-17 |
|
248384
|
5.9 |
MEDIUM
Network
|
apache
|
struts
|
If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validati…
|
CWE-20
Improper Input Validation
|
CVE-2017-7672
|
2024-11-21 12:32 |
2017-07-14 |
|
248385
|
7.5 |
HIGH
Network
|
f5 puppet apple
|
nginx puppet_enterprise xcode
|
Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially sensitive information triggered …
|
-
|
CVE-2017-7529
|
2024-11-21 12:32 |
2017-07-13 |
|
248386
|
6.1 |
MEDIUM
Network
|
apache
|
spark
|
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits dat…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7678
|
2024-11-21 12:32 |
2017-07-12 |
|
248387
|
7.5 |
HIGH
Network
|
ismartalarm
|
cubeone_firmware
|
iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.
|
CWE-20
Improper Input Validation
|
CVE-2017-7730
|
2024-11-21 12:32 |
2017-07-12 |
|
248388
|
7.5 |
HIGH
Network
|
ismartalarm
|
cubeone_firmware
|
On iSmartAlarm cube devices, there is Incorrect Access Control because a "new key" is transmitted in cleartext.
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-7729
|
2024-11-21 12:32 |
2017-07-12 |
|
248389
|
9.8 |
CRITICAL
Network
|
ismartalarm
|
cubeone_firmware
|
On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.
|
NVD-CWE-noinfo
|
CVE-2017-7728
|
2024-11-21 12:32 |
2017-07-12 |
|
248390
|
7.5 |
HIGH
Network
|
ismartalarm
|
cubeone_firmware
|
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-7726
|
2024-11-21 12:32 |
2017-07-12 |