|
250421
|
6.2 |
MEDIUM
Local
|
sendquick
|
entera_sms_gateway_firmware avera_sms_gateway_firmware
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5137
|
2024-11-21 12:27 |
2017-02-6 |
|
250422
|
7.5 |
HIGH
Network
|
sendquick
|
entera_sms_gateway_firmware avera_sms_gateway_firmware
|
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. The application failed to check the access control of the request which could result in an attacker being able to shutdown …
|
CWE-862
Missing Authorization
|
CVE-2017-5136
|
2024-11-21 12:27 |
2017-02-6 |
|
250423
|
9.8 |
CRITICAL
Network
|
netapp
|
oncommand_insight
|
The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-5600
|
2024-11-21 12:27 |
2017-02-3 |
|
250424
|
9.8 |
CRITICAL
Network
|
sagecrm
|
sagecrm
|
An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided funct…
|
CWE-22
Path Traversal
|
CVE-2017-5219
|
2024-11-21 12:27 |
2017-02-2 |
|
250425
|
8.8 |
HIGH
Network
|
sagecrm
|
sagecrm
|
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to …
|
CWE-89
SQL Injection
|
CVE-2017-5218
|
2024-11-21 12:27 |
2017-02-2 |
|
250426
|
4.9 |
MEDIUM
Network
|
citrix
|
xenserver
|
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
|
NVD-CWE-noinfo
|
CVE-2017-5573
|
2024-11-21 12:27 |
2017-01-31 |
|
250427
|
6.5 |
MEDIUM
Network
|
citrix
|
xenserver
|
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
|
CWE-269
Improper Privilege Management
|
CVE-2017-5572
|
2024-11-21 12:27 |
2017-01-31 |
|
250428
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.
|
CWE-79
Cross-site Scripting
|
CVE-2017-5608
|
2024-11-21 12:27 |
2017-01-29 |
|
250429
|
9.8 |
CRITICAL
Network
|
tcpdump
|
tcpdump
|
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5486
|
2024-11-21 12:27 |
2017-01-28 |
|
250430
|
9.8 |
CRITICAL
Network
|
tcpdump
|
tcpdump
|
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5485
|
2024-11-21 12:27 |
2017-01-28 |
|