|
249531
|
8.8 |
HIGH
Network
|
helpdezk
|
helpdezk
|
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
|
CWE-352
Origin Validation Error
|
CVE-2017-7447
|
2024-11-21 12:31 |
2017-04-6 |
|
|
|
|
249532
|
8.8 |
HIGH
Network
|
helpdezk
|
helpdezk
|
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
|
CWE-352
Origin Validation Error
|
CVE-2017-7446
|
2024-11-21 12:31 |
2017-04-6 |
|
|
|
|
249533
|
7.8 |
HIGH
Local
|
veritas
|
system_recovery
|
In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.
|
NVD-CWE-noinfo
|
CVE-2017-7444
|
2024-11-21 12:31 |
2017-04-6 |
|
|
|
|
249534
|
6.1 |
MEDIUM
Network
|
apt-cacher_project apt-cacher-ng_project
|
apt-cacher apt-cacher-ng
|
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
|
CWE-113
HTTP Response Splitting
|
CVE-2017-7443
|
2024-11-21 12:31 |
2017-04-6 |
|
|
|
|
249535
|
7.3 |
HIGH
Local
|
lightdm_project canonical
|
lightdm ubuntu_linux
|
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user …
|
CWE-22
Path Traversal
|
CVE-2017-7358
|
2024-11-21 12:31 |
2017-04-5 |
|
|
|
|
249536
|
6.1 |
MEDIUM
Network
|
djangoproject
|
django
|
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an ope…
|
CWE-601
Open Redirect
|
CVE-2017-7234
|
2024-11-21 12:31 |
2017-04-5 |
|
|
|
|
249537
|
5.5 |
MEDIUM
Local
|
proftpd
|
proftpd
|
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the l…
|
CWE-59
Link Following
|
CVE-2017-7418
|
2024-11-21 12:31 |
2017-04-5 |
|
|
|
|
249538
|
6.1 |
MEDIUM
Network
|
djangoproject
|
django
|
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``dj…
|
CWE-601
Open Redirect
|
CVE-2017-7233
|
2024-11-21 12:31 |
2017-04-5 |
|
|
|
|
249539
|
6.8 |
MEDIUM
Physical
|
riverbed
|
rios
|
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7307
|
2024-11-21 12:31 |
2017-04-5 |
|
|
|
|
249540
|
6.4 |
MEDIUM
Physical
|
riverbed
|
rios
|
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging kn…
|
CWE-521
Weak Password Requirements
|
CVE-2017-7306
|
2024-11-21 12:31 |
2017-04-5 |
|
|
|