|
258311
|
8.8 |
HIGH
Network
|
netcomm
|
4gt101w_software
4gt101w_bootloader
|
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. The…
|
CWE-352
Origin Validation Error
|
CVE-2017-11646
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258312
|
9.8 |
CRITICAL
Network
|
netcomm
|
4gt101w_software
4gt101w_bootloader
|
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.
|
CWE-287
Improper Authentication
|
CVE-2017-11645
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258313
|
7.5 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted strea…
|
CWE-20
Improper Input Validation
|
CVE-2017-11665
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258314
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11691
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258315
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_eventlog_analyzer
|
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11687
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258316
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_eventlog_analyzer
|
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the p…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11686
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258317
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_eventlog_analyzer
|
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11685
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258318
|
7.5 |
HIGH
Network
|
libav
|
libav
|
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
|
NVD-CWE-noinfo
|
CVE-2017-11684
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258319
|
6.5 |
MEDIUM
Network
|
exiv2
canonical
debian
|
exiv2
ubuntu_linux
debian_linux
|
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
|
CWE-617
Reachable Assertion
|
CVE-2017-11683
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258320
|
6.1 |
MEDIUM
Network
|
hashtopolis
|
hashtopolis
|
Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11682
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
