|
253841
|
7.5 |
HIGH
Network
|
fortinet
|
fortiportal
|
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-7731
|
2024-11-21 12:32 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253842
|
8.8 |
HIGH
Network
|
theforeman
|
foreman
|
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted b…
|
CWE-269
Improper Privilege Management
|
CVE-2017-7505
|
2024-11-21 12:32 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253843
|
6.5 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing e…
|
CWE-352
Origin Validation Error
|
CVE-2017-7620
|
2024-11-21 12:32 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253844
|
9.8 |
CRITICAL
Network
|
redhat
|
jboss_enterprise_application_platform
|
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes fo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-7504
|
2024-11-21 12:32 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253845
|
7.5 |
HIGH
Network
|
phoenix_contact_gmbh
|
mguard_firmware
|
A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN req…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-7935
|
2024-11-21 12:32 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253846
|
6.6 |
MEDIUM
Local
|
schneider-electric
|
wonderware_historian_client
|
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XM…
|
CWE-611
XXE
|
CVE-2017-7907
|
2024-11-21 12:32 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253847
|
9.8 |
CRITICAL
Network
|
redhat
|
jboss_enterprise_application_platform
|
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read fil…
|
CWE-611
XXE
|
CVE-2017-7503
|
2024-11-21 12:32 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253848
|
7.8 |
HIGH
Local
|
qemu
debian
|
qemu
debian_linux
|
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs meta…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7493
|
2024-11-21 12:32 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253849
|
4.3 |
MEDIUM
Network
|
authconfig_project
|
authconfig
|
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
|
CWE-200
Information Exposure
|
CVE-2017-7488
|
2024-11-21 12:32 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253850
|
8.8 |
HIGH
Network
|
apache
|
cxf_fediz
|
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross …
|
CWE-352
Origin Validation Error
|
CVE-2017-7662
|
2024-11-21 12:32 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
