|
251521
|
9.8 |
CRITICAL
Network
|
php
netapp
|
php
storage_automation_store
|
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer ov…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-9120
|
2024-11-21 12:35 |
2018-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251522
|
7.5 |
HIGH
Network
|
php
netapp
|
php
storage_automation_store
|
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9118
|
2024-11-21 12:35 |
2018-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251523
|
7.5 |
HIGH
Network
|
rockwellautomation
|
allen-bradley_l30erms_firmware
|
Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the devic…
|
CWE-20
Improper Input Validation
|
CVE-2017-9312
|
2024-11-21 12:35 |
2018-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251524
|
8.8 |
HIGH
Network
|
dahuasecurity
|
xvr5x16_firmware
xvr5x08_firmware
xvr5x04_firmware
xvr7x16_firmware
ipc-hdbw4xxx_firmware
ipc-hdbw5xxx_firmware
|
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obta…
|
NVD-CWE-noinfo
|
CVE-2017-9317
|
2024-11-21 12:35 |
2018-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251525
|
7.5 |
HIGH
Network
|
netiq
|
identity_manager
|
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.
|
CWE-200
Information Exposure
|
CVE-2017-9284
|
2024-11-21 12:35 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251526
|
6.1 |
MEDIUM
Network
|
netiq
|
identity_reporting
|
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9275
|
2024-11-21 12:35 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251527
|
9.8 |
CRITICAL
Network
|
netiq
microfocus
|
edirectory
|
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
|
CWE-287
Improper Authentication
|
CVE-2017-9285
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251528
|
7.5 |
HIGH
Network
|
netiq
|
identity_manager
|
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies,…
|
CWE-200
Information Exposure
|
CVE-2017-9280
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251529
|
7.2 |
HIGH
Network
|
netiq
|
identity_manager
|
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user admini…
|
CWE-20
Improper Input Validation
|
CVE-2017-9279
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251530
|
9.8 |
CRITICAL
Network
|
netiq
|
identity_manager
|
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-9278
|
2024-11-21 12:35 |
2018-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
