|
254781
|
7.8 |
HIGH
Local
|
deltaww
|
delta_industrial_automation_screen_editor
|
An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write out…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-16747
|
2024-11-21 12:16 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254782
|
7.8 |
HIGH
Local
|
deltaww
|
delta_industrial_automation_screen_editor
|
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vul…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2017-16745
|
2024-11-21 12:16 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254783
|
8.8 |
HIGH
Network
|
mitel
|
st14.2
|
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST requ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-16251
|
2024-11-21 12:16 |
2018-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254784
|
5.3 |
MEDIUM
Network
|
mitel
|
st14.2
|
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated…
|
CWE-200
Information Exposure
|
CVE-2017-16250
|
2024-11-21 12:16 |
2018-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254785
|
6.5 |
MEDIUM
Network
|
synology
|
surveillance_station
|
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain…
|
CWE-200
Information Exposure
|
CVE-2017-16770
|
2024-11-21 12:16 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254786
|
5.4 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc p…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16767
|
2024-11-21 12:16 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254787
|
5.5 |
MEDIUM
Local
|
ox_project
|
ox
|
In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16229
|
2024-11-21 12:16 |
2018-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254788
|
5.3 |
MEDIUM
Network
|
synology
|
photo_station
|
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mo…
|
CWE-200
Information Exposure
|
CVE-2017-16769
|
2024-11-21 12:16 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254789
|
6.1 |
MEDIUM
Network
|
kubik-rubik
|
simple_image_gallery_extended
|
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16356
|
2024-11-21 12:16 |
2018-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254790
|
7.8 |
HIGH
Local
|
smartbear
|
soapui
|
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
|
CWE-94
Code Injection
|
CVE-2017-16670
|
2024-11-21 12:16 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
