|
248611
|
6.5 |
MEDIUM
Network
|
elastic
|
x-pack
|
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete an…
|
CWE-269
Improper Privilege Management
|
CVE-2017-8447
|
2024-11-21 12:34 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248612
|
5.9 |
MEDIUM
Network
|
elasticsearch
|
cloud_enterprise
|
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the clien…
|
NVD-CWE-noinfo
|
CVE-2017-8444
|
2024-11-21 12:34 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248613
|
9.8 |
CRITICAL
Network
|
twsz
|
wifi_repeater_firmware
|
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file syst…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-8772
|
2024-11-21 12:34 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248614
|
9.8 |
CRITICAL
Network
|
twsz
|
wifi_repeater_firmware
|
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-8771
|
2024-11-21 12:34 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248615
|
7.5 |
HIGH
Network
|
twsz
|
wifi_repeater_firmware
|
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
|
CWE-200
Information Exposure
|
CVE-2017-8770
|
2024-11-21 12:34 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248616
|
6.1 |
MEDIUM
Network
|
microsoft
|
exchange_server
|
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Sit…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8758
|
2024-11-21 12:34 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248617
|
7.5 |
HIGH
Network
|
microsoft
|
edge
|
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge h…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8757
|
2024-11-21 12:34 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248618
|
4.2 |
MEDIUM
Network
|
microsoft
|
edge
|
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg…
|
CWE-20
Improper Input Validation
|
CVE-2017-8754
|
2024-11-21 12:34 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248619
|
7.5 |
HIGH
Network
|
microsoft
|
edge
|
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8756
|
2024-11-21 12:34 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248620
|
7.5 |
HIGH
Network
|
microsoft
|
edge
|
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting eng…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8755
|
2024-11-21 12:34 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
