|
255061
|
8.8 |
HIGH
Network
|
tibco
|
jasperreports_server
jaspersoft
jaspersoft_reporting_and_analytics
|
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of t…
|
CWE-352
Origin Validation Error
|
CVE-2017-5528
|
2024-11-21 12:27 |
2017-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255062
|
5.4 |
MEDIUM
Network
|
biscom
|
secure_file_transfer
|
Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5241
|
2024-11-21 12:27 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255063
|
3.5 |
LOW
Network
|
rapid7
|
metasploit
|
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of t…
|
CWE-352
Origin Validation Error
|
CVE-2017-5244
|
2024-11-21 12:27 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255064
|
8.5 |
HIGH
Network
|
rapid7
|
nexpose
|
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls …
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-5243
|
2024-11-21 12:27 |
2017-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255065
|
7.5 |
HIGH
Network
|
vipa_controls
|
winplc7_firmware
|
A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafte…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5177
|
2024-11-21 12:27 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255066
|
9.8 |
CRITICAL
Network
|
geutebruck
|
ip_camera_g-cam_efd-2250_firmware
|
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectu…
|
NVD-CWE-noinfo
|
CVE-2017-5174
|
2024-11-21 12:27 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255067
|
9.8 |
CRITICAL
Network
|
geutebrueck
|
ip_camera_g-cam_efd-2250_firmware
|
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnera…
|
CWE-78
OS Command
|
CVE-2017-5173
|
2024-11-21 12:27 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255068
|
7.0 |
HIGH
Local
|
rockwellautomation
|
connected_components_workbench
|
A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and ea…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-5176
|
2024-11-21 12:27 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255069
|
9.8 |
CRITICAL
Network
|
codextrous
|
b2j_contact
|
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.
|
CWE-20
Improper Input Validation
|
CVE-2017-5215
|
2024-11-21 12:27 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255070
|
7.5 |
HIGH
Network
|
codextrous
|
b2j_contact
|
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploade…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2017-5214
|
2024-11-21 12:27 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
