| 258061 | 9.9 | CRITICAL | Network | sentinel | sentinel_ldk_rte_firmware | Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | CWE-306 Missing Authentication for Critical Function | CVE-2017-12822 | 2024-11-21 12:10 | 2017-10-4 |
| 258062 | 9.8 | CRITICAL | Network | sentinel | sentinel_ldk_rte_firmware | Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12821 | 2024-11-21 12:10 | 2017-10-4 |
| 258063 | 7.5 | HIGH | Network | sentinel | sentinel_ldk_rte_firmware | Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12820 | 2024-11-21 12:10 | 2017-10-4 |
| 258064 | 9.8 | CRITICAL | Network | sentinel | sentinel_ldk_rte_firmware | Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. | CWE-287 Improper Authentication | CVE-2017-12819 | 2024-11-21 12:10 | 2017-10-4 |
| 258065 | 7.5 | HIGH | Network | sentinel | sentinel_ldk_rte_firmware | Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12818 | 2024-11-21 12:10 | 2017-10-4 |
| 258066 | 6.1 | MEDIUM | Network | nexusphp_project | nexusphp | Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) a… | CWE-79 Cross-site Scripting | CVE-2017-12792 | 2024-11-21 12:10 | 2017-10-3 |
| 258067 | 9.8 | CRITICAL | Network | perl | perl | Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long en… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12814 | 2024-11-21 12:10 | 2017-09-28 |
| 258068 | 8.0 | HIGH | Network | zkteco | zktime_web | Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators … | CWE-352 Origin Validation Error | CVE-2017-13129 | 2024-11-21 12:10 | 2017-09-26 |
| 258069 | 10.0 | CRITICAL | Network | vebto | pixie_-_image_editor | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2017-12905 | 2024-11-21 12:10 | 2017-09-26 |
| 258070 | 9.8 | CRITICAL | Network | tecnovision | dlx_spot_player4 | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | CWE-89 SQL Injection | CVE-2017-12930 | 2024-11-21 12:10 | 2017-09-22 |