| 251701 | 5.5 | MEDIUM Local | schneider-electric | vampset | All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes t… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7967 | 2024-11-21 12:33 | 2017-05-10 |
| 251702 | 5.5 | MEDIUM Local | ca | client_automation | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-8391 | 2024-11-21 12:33 | 2017-05-6 |
| 251703 | 6.1 | MEDIUM Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. | CWE-79 Cross-site Scripting | CVE-2017-8304 | 2024-11-21 12:33 | 2017-05-6 |
| 251704 | 9.8 | CRITICAL Network | accellion | file_transfer_appliance | An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | CWE-116 Improper Encoding or Escaping of Output | CVE-2017-8303 | 2024-11-21 12:33 | 2017-05-6 |
| 251705 | 8.8 | HIGH Network | atlassian | hipchat_server | Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-8080 | 2024-11-21 12:33 | 2017-05-5 |
| 251706 | 5.9 | MEDIUM Network | watchguard | panda_mobile_security | Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during… | CWE-295 Improper Certificate Validation | CVE-2017-8060 | 2024-11-21 12:33 | 2017-05-5 |
| 251707 | 8.1 | HIGH Network | foxitsoftware | foxit_pdf | Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently … | CWE-295 Improper Certificate Validation | CVE-2017-8059 | 2024-11-21 12:33 | 2017-05-5 |
| 251708 | 5.9 | MEDIUM Network | atlassian | hipchat | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent du… | CWE-295 Improper Certificate Validation | CVE-2017-8058 | 2024-11-21 12:33 | 2017-05-5 |
| 251709 | 5.9 | MEDIUM Network | wordpress | wordpress | WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?ac… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-8295 | 2024-11-21 12:33 | 2017-05-4 |
| 251710 | 3.8 | LOW Local | xen novell suse | xen suse_linux_enterprise_point_of_sale openstack_cloud manager_proxy manager suse_linux_enterprise_server | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in th… | CWE-200 Information Exposure | CVE-2017-7995 | 2024-11-21 12:33 | 2017-05-4 |