| 249781 | 6.8 | MEDIUM Network | apache | knox | For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in es… | CWE-346 Origin Validation Error | CVE-2017-5646 | 2024-11-21 12:28 | 2017-05-27 |
| 249782 | 6.1 | MEDIUM Network | openvpn | openvpn_access_server | CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibl… | CWE-93 CRLF Injection | CVE-2017-5868 | 2024-11-21 12:28 | 2017-05-26 |
| 249783 | 4.9 | MEDIUM Network | sitecore | crm | Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | CWE-22 Path Traversal | CVE-2017-5966 | 2024-11-21 12:28 | 2017-05-23 |
| 249784 | 6.7 | MEDIUM Local | sitecore | crm | The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, v… | NVD-CWE-noinfo | CVE-2017-5965 | 2024-11-21 12:28 | 2017-05-23 |
| 249785 | 5.4 | MEDIUM Network | vimbadmin | vimbadmin | Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the … | CWE-79 Cross-site Scripting | CVE-2017-5870 | 2024-11-21 12:28 | 2017-05-23 |
| 249786 | 8.0 | HIGH Network | apache | archiva | Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the Archiva site may send an HTML… | CWE-352 Origin Validation Error | CVE-2017-5657 | 2024-11-21 12:28 | 2017-05-23 |
| 249787 | 8.8 | HIGH Network | satel-iberia | sennet_multitask_meter sennet_optimal_datalogger sennet_solar_datalogger | A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, an… | CWE-77 Command Injection | CVE-2017-6048 | 2024-11-21 12:28 | 2017-05-19 |
| 249788 | 9.8 | CRITICAL Network | codesys | web_server | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizati… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-6027 | 2024-11-21 12:28 | 2017-05-19 |
| 249789 | 9.8 | CRITICAL Network | codesys | web_server | A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizatio… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-6025 | 2024-11-21 12:28 | 2017-05-19 |
| 249790 | 7.3 | HIGH Local | leao_consultoria_e_desenvolvimento_de_sistemas | ltda_me_laquis_scada | An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions rel… | NVD-CWE-noinfo | CVE-2017-6016 | 2024-11-21 12:28 | 2017-05-19 |