|
249521
|
5.4 |
MEDIUM
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious J…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6340
|
2024-11-21 12:29 |
2017-04-6 |
|
249522
|
6.5 |
MEDIUM
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate A…
|
CWE-269, CWE-521
Improper Privilege Management; Weak Password Requirements
|
CVE-2017-6339
|
2024-11-21 12:29 |
2017-04-6 |
|
249523
|
6.5 |
MEDIUM
Network
|
trendmicro
|
interscan_web_security_virtual_appliance
|
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Audit…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-6338
|
2024-11-21 12:29 |
2017-04-6 |
|
249524
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have u…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6448
|
2024-11-21 12:29 |
2017-04-3 |
|
249525
|
7.5 |
HIGH
Network
|
php
|
php
|
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-6441
|
2024-11-21 12:29 |
2017-04-3 |
|
249526
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified othe…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6194
|
2024-11-21 12:29 |
2017-04-3 |
|
249527
|
7.5 |
HIGH
Network
|
ruby-lang
|
ruby
|
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion a…
|
CWE-20
Improper Input Validation
|
CVE-2017-6181
|
2024-11-21 12:29 |
2017-04-3 |
|
249528
|
8.1 |
HIGH
Network
|
sophos
|
web_appliance
|
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
|
CWE-384
Session Fixation
|
CVE-2017-6412
|
2024-11-21 12:29 |
2017-03-31 |
|
249529
|
4.7 |
MEDIUM
Network
|
sophos
|
web_appliance
|
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
|
CWE-77
Command Injection
|
CVE-2017-6184
|
2024-11-21 12:29 |
2017-03-31 |
|
249530
|
7.2 |
HIGH
Network
|
sophos
|
web_appliance
|
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NS…
|
CWE-77
Command Injection
|
CVE-2017-6183
|
2024-11-21 12:29 |
2017-03-31 |