|
247401
|
5.9 |
MEDIUM
Network
|
cayugalakenationalbank
|
cayuga_lake_national_bank
|
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inform…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-9560
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247402
|
5.9 |
MEDIUM
Network
|
meafinancial
|
vision_bank
|
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informa…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-9559
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247403
|
5.9 |
MEDIUM
Network
|
wawacu
|
wawa_employees_credit_union_mobile
|
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-9558
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247404
|
7.5 |
HIGH
Network
|
dlink
|
dir-605l_firmware
|
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
|
CWE-20
Improper Input Validation
|
CVE-2017-9675
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247405
|
6.1 |
MEDIUM
Network
|
webhammer
|
wp_custom_fields_search
|
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9419
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247406
|
5.4 |
MEDIUM
Network
|
simplece
|
simplece
|
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9674
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247407
|
8.8 |
HIGH
Network
|
simplece
|
simplece
|
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.
|
CWE-352
Origin Validation Error
|
CVE-2017-9673
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247408
|
5.4 |
MEDIUM
Network
|
sap
|
successfactors
|
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9613
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247409
|
4.3 |
MEDIUM
Network
|
atlassian
|
confluence
|
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confl…
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-9505
|
2024-11-21 12:36 |
2017-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247410
|
7.8 |
HIGH
Local
|
gnuplot_project
|
gnuplot
|
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly hav…
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2017-9670
|
2024-11-21 12:36 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
