|
248801
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiportal
|
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
|
CWE-601
Open Redirect
|
CVE-2017-7343
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248802
|
6.1 |
MEDIUM
Network
|
fortinet
|
fortiportal
|
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add R…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7339
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248803
|
7.5 |
HIGH
Network
|
fortinet
|
fortiportal
|
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
|
CWE-200
Information Exposure
|
CVE-2017-7338
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248804
|
9.1 |
CRITICAL
Network
|
fortinet
|
fortiportal
|
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen ses…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7337
|
2024-11-21 12:31 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248805
|
7.5 |
HIGH
Network
|
netapp
|
oncommand_unified_manager_core_package
|
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
|
CWE-200
Information Exposure
|
CVE-2017-7439
|
2024-11-21 12:31 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248806
|
7.5 |
HIGH
Network
|
netapp
|
oncommand_unified_manager_core_package
|
SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2017-7236
|
2024-11-21 12:31 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248807
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7288
|
2024-11-21 12:31 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248808
|
5.5 |
MEDIUM
Local
|
cairographics
|
cairo
|
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7475
|
2024-11-21 12:31 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248809
|
6.5 |
MEDIUM
Network
|
micro_focus
|
vibe
|
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cr…
|
CWE-22
Path Traversal
|
CVE-2017-7433
|
2024-11-21 12:31 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248810
|
6.5 |
MEDIUM
Network
|
openvpn
|
openvpn
|
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
|
CWE-617
Reachable Assertion
|
CVE-2017-7479
|
2024-11-21 12:31 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
