|
251871
|
6.7 |
MEDIUM
Local
|
intel
|
solid_state_drive_toolbox
|
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.
|
NVD-CWE-noinfo
|
CVE-2017-5688
|
2024-11-21 12:28 |
2017-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251872
|
6.8 |
MEDIUM
Network
|
apache
|
knox
|
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in es…
|
CWE-346
Origin Validation Error
|
CVE-2017-5646
|
2024-11-21 12:28 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251873
|
6.1 |
MEDIUM
Network
|
openvpn
|
openvpn_access_server
|
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibl…
|
CWE-93
CRLF Injection
|
CVE-2017-5868
|
2024-11-21 12:28 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251874
|
4.9 |
MEDIUM
Network
|
sitecore
|
crm
|
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
|
CWE-22
Path Traversal
|
CVE-2017-5966
|
2024-11-21 12:28 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251875
|
6.7 |
MEDIUM
Local
|
sitecore
|
crm
|
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, v…
|
NVD-CWE-noinfo
|
CVE-2017-5965
|
2024-11-21 12:28 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251876
|
5.4 |
MEDIUM
Network
|
vimbadmin
|
vimbadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the …
|
CWE-79
Cross-site Scripting
|
CVE-2017-5870
|
2024-11-21 12:28 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251877
|
8.0 |
HIGH
Network
|
apache
|
archiva
|
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML…
|
CWE-352
Origin Validation Error
|
CVE-2017-5657
|
2024-11-21 12:28 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251878
|
8.8 |
HIGH
Network
|
satel-iberia
|
sennet_multitask_meter
sennet_optimal_datalogger
sennet_solar_datalogger
|
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, an…
|
CWE-77
Command Injection
|
CVE-2017-6048
|
2024-11-21 12:28 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251879
|
9.8 |
CRITICAL
Network
|
codesys
|
web_server
|
An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizati…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-6027
|
2024-11-21 12:28 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251880
|
9.8 |
CRITICAL
Network
|
codesys
|
web_server
|
A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizatio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6025
|
2024-11-21 12:28 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
