| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Last modified | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 250571 | 6.1 | MEDIUM | Network | kmc_information_systems | caseaware | An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | CWE-79 (Cross-site Scripting) | CVE-2017-5631 | 2024-11-21 12:28 | 2017-05-1 |
| 250572 | 8.8 | HIGH | Network | we-con | levi_studio_hmi_editor | A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run… | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2017-6037 | 2024-11-21 12:28 | 2017-04-27 |
| 250573 | 8.8 | HIGH | Network | we-con | levi_studio_hmi_editor | A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when… | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2017-6035 | 2024-11-21 12:28 | 2017-04-27 |
| 250574 | 7.5 | HIGH | Network | hyundaiusa | blue_link | A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user informat… | CWE-798 (Use of Hard-coded Credentials) | CVE-2017-6054 | 2024-11-21 12:28 | 2017-04-26 |
| 250575 | 3.7 | LOW | Adjacent | hyundaiusa | blue_link | A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence… | NVD-CWE-noinfo | CVE-2017-6052 | 2024-11-21 12:28 | 2017-04-26 |
| 250576 | 4.6 | MEDIUM | Physical | oneplus | oxygenos | In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by … | CWE-476 (NULL Pointer Dereference) | CVE-2017-5625 | 2024-11-21 12:28 | 2017-04-26 |
| 250577 | 7.5 | HIGH | Network | apache | cxf | Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an … | CWE-384 (Session Fixation) | CVE-2017-5656 | 2024-11-21 12:28 | 2017-04-19 |
| 250578 | 5.3 | MEDIUM | Network | apache | cxf | JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | CWE-295 (Improper Certificate Validation) | CVE-2017-5653 | 2024-11-21 12:28 | 2017-04-19 |
| 250579 | 7.3 | HIGH | Network | apache | batik | In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown dep… | CWE-611 (XXE) | CVE-2017-5662 | 2024-11-21 12:28 | 2017-04-18 |
| 250580 | 7.3 | HIGH | Network | apache | formatting_objects_processor | In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend … | CWE-611 (XXE) | CVE-2017-5661 | 2024-11-21 12:28 | 2017-04-18 |