| 248831 | 6.1 | MEDIUM Network | paloaltonetworks | pan-os | Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | CWE-79 Cross-site Scripting | CVE-2017-7409 | 2024-11-21 12:31 | 2017-04-21 |
| 248832 | 8.8 | HIGH Network | opentext | documentum_content_server | OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "… | CWE-20 Improper Input Validation | CVE-2017-7220 | 2024-11-21 12:31 | 2017-04-21 |
| 248833 | 8.8 | HIGH Network | unitrends | enterprise_backup | An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the… | CWE-20 Improper Input Validation | CVE-2017-7283 | 2024-11-21 12:31 | 2017-04-20 |
| 248834 | 5.5 | MEDIUM Local | unitrends | enterprise_backup | An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This … | CWE-200 Information Exposure | CVE-2017-7282 | 2024-11-21 12:31 | 2017-04-20 |
| 248835 | 9.1 | CRITICAL Network | atlassian | hipchat_server | Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-7357 | 2024-11-21 12:31 | 2017-04-15 |
| 248836 | 5.4 | MEDIUM Network | zurmo | zurmo_crm | Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. | CWE-79 Cross-site Scripting | CVE-2017-7188 | 2024-11-21 12:31 | 2017-04-15 |
| 248837 | 5.0 | MEDIUM Local | moxa | mx-aopc_server | XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 results in remote file disclosure. | CWE-611 XXE | CVE-2017-7457 | 2024-11-21 12:31 | 2017-04-14 |
| 248838 | 7.5 | HIGH Network | moxa | mxview | Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending an overly long junk payload for the MXView client login credentials. | CWE-20 Improper Input Validation | CVE-2017-7456 | 2024-11-21 12:31 | 2017-04-14 |
| 248839 | 7.5 | HIGH Network | moxa | mxview | Moxa MXView 2.8 allows remote attackers to read the web server's private key file; there is no access control. | CWE-200 Information Exposure | CVE-2017-7455 | 2024-11-21 12:31 | 2017-04-14 |
| 248840 | 7.5 | HIGH Network | paloaltonetworks | traps | Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | CWE-20 Improper Input Validation | CVE-2017-7408 | 2024-11-21 12:31 | 2017-04-14 |