|
248951
|
8.2 |
HIGH
Network
|
apache
|
openmeetings
|
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
|
NVD-CWE-noinfo
|
CVE-2017-7682
|
2024-11-21 12:32 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248952
|
8.8 |
HIGH
Network
|
apache
|
openmeetings
|
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the appli…
|
CWE-89
SQL Injection
|
CVE-2017-7681
|
2024-11-21 12:32 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248953
|
7.5 |
HIGH
Network
|
apache
|
openmeetings
|
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.
|
NVD-CWE-noinfo
|
CVE-2017-7680
|
2024-11-21 12:32 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248954
|
9.8 |
CRITICAL
Network
|
apache
|
openmeetings
|
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
|
CWE-326
CWE-307
Inadequate Encryption Strength
mproper Restriction of Excessive Authentication Attempts
|
CVE-2017-7673
|
2024-11-21 12:32 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248955
|
8.8 |
HIGH
Network
|
apache
|
openmeetings
|
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2017-7666
|
2024-11-21 12:32 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248956
|
10.0 |
CRITICAL
Network
|
apache
|
openmeetings
|
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
|
CWE-611
XXE
|
CVE-2017-7664
|
2024-11-21 12:32 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248957
|
6.1 |
MEDIUM
Network
|
apache
|
openmeetings
|
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7663
|
2024-11-21 12:32 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248958
|
5.9 |
MEDIUM
Network
|
apache
|
struts
|
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validati…
|
CWE-20
Improper Input Validation
|
CVE-2017-7672
|
2024-11-21 12:32 |
2017-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248959
|
7.5 |
HIGH
Network
|
f5
puppet
apple
|
nginx
puppet_enterprise
xcode
|
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered …
|
-
|
CVE-2017-7529
|
2024-11-21 12:32 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248960
|
6.1 |
MEDIUM
Network
|
apache
|
spark
|
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits dat…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7678
|
2024-11-21 12:32 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
