|
248841
|
7.8 |
HIGH
Local
|
paloaltonetworks
|
pan-os
|
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
|
CWE-20
Improper Input Validation
|
CVE-2017-7218
|
2024-11-21 12:31 |
2017-04-14 |
|
248842
|
4.3 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
|
CWE-20
Improper Input Validation
|
CVE-2017-7217
|
2024-11-21 12:31 |
2017-04-14 |
|
248843
|
8.8 |
HIGH
Network
|
citrix
|
netscaler_gateway_firmware
|
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7219
|
2024-11-21 12:31 |
2017-04-13 |
|
248844
|
8.8 |
HIGH
Network
|
unitrends
|
enterprise_backup
|
An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the c…
|
CWE-287
Improper Authentication
|
CVE-2017-7284
|
2024-11-21 12:31 |
2017-04-13 |
|
248845
|
8.8 |
HIGH
Network
|
unitrends
|
enterprise_backup
|
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows fo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-7281
|
2024-11-21 12:31 |
2017-04-13 |
|
248846
|
9.8 |
CRITICAL
Network
|
unitrends
|
enterprise_backup
|
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code…
|
CWE-20
Improper Input Validation
|
CVE-2017-7280
|
2024-11-21 12:31 |
2017-04-13 |
|
248847
|
9.8 |
CRITICAL
Network
|
unitrends
|
enterprise_backup
|
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2017-7279
|
2024-11-21 12:31 |
2017-04-13 |
|
248848
|
9.8 |
CRITICAL
Network
|
intellinet-network
|
nfc-30ir_firmware
|
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
|
CWE-22
Path Traversal
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-7462
|
2024-11-21 12:31 |
2017-04-12 |
|
248849
|
4.9 |
MEDIUM
Network
|
intellinet-network
|
nfc-30ir_firmware
|
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a v…
|
CWE-22
Path Traversal
|
CVE-2017-7461
|
2024-11-21 12:31 |
2017-04-12 |
|
248850
|
6.0 |
MEDIUM
Local
|
qemu debian
|
qemu debian_linux
|
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumpti…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-7377
|
2024-11-21 12:31 |
2017-04-11 |