|
254091
|
5.4 |
MEDIUM
Network
|
cambiumnetworks
|
epmp_1000_firmware
epmp_2000_firmware
|
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5258
|
2024-11-21 12:27 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254092
|
5.4 |
MEDIUM
Network
|
cambiumnetworks
|
epmp_1000_firmware
epmp_2000_firmware
|
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5257
|
2024-11-21 12:27 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254093
|
8.8 |
HIGH
Network
|
cambiumnetworks
|
cnpilot_r190v_firmware
cnpilot_e410_firmware
cnpilot_r190n_firmware
cnpilot_e400_firmware
cnpilot_e600_firmware
|
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' acco…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-5260
|
2024-11-21 12:27 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254094
|
5.4 |
MEDIUM
Network
|
cambiumnetworks
|
epmp_1000_firmware
epmp_2000_firmware
|
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and tho…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5256
|
2024-11-21 12:27 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254095
|
8.8 |
HIGH
Network
|
cambiumnetworks
|
epmp_1000_firmware
epmp_2000_firmware
|
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-…
|
CWE-78
OS Command
|
CVE-2017-5255
|
2024-11-21 12:27 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254096
|
8.8 |
HIGH
Network
|
cambiumnetworks
|
epmp_1000_firmware
epmp_2000_firmware
|
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after di…
|
CWE-269
Improper Privilege Management
|
CVE-2017-5254
|
2024-11-21 12:27 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254097
|
8.8 |
HIGH
Network
|
rapid7
|
nexpose
|
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site requ…
|
CWE-352
Origin Validation Error
|
CVE-2017-5264
|
2024-11-21 12:27 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254098
|
8.8 |
HIGH
Network
|
tibco
|
tibbr
|
The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Communi…
|
NVD-CWE-noinfo
|
CVE-2017-5534
|
2024-11-21 12:27 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254099
|
8.1 |
HIGH
Network
|
tibco
|
tibbr
|
The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate thei…
|
NVD-CWE-noinfo
|
CVE-2017-5530
|
2024-11-21 12:27 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254100
|
9.8 |
CRITICAL
Network
|
tibco
|
jasperreports_server
jaspersoft
jaspersoft_reporting_and_analytics
|
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with…
|
NVD-CWE-noinfo
|
CVE-2017-5533
|
2024-11-21 12:27 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
