|
255331
|
5.5 |
MEDIUM
Local
|
proftpd
|
proftpd
|
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the l…
|
CWE-59
Link Following
|
CVE-2017-7418
|
2024-11-21 12:31 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255332
|
6.1 |
MEDIUM
Network
|
djangoproject
|
django
|
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``dj…
|
CWE-601
Open Redirect
|
CVE-2017-7233
|
2024-11-21 12:31 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255333
|
6.8 |
MEDIUM
Physics
|
riverbed
|
rios
|
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7307
|
2024-11-21 12:31 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255334
|
6.4 |
MEDIUM
Physics
|
riverbed
|
rios
|
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging kn…
|
CWE-521
Weak Password Requirements
|
CVE-2017-7306
|
2024-11-21 12:31 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255335
|
4.6 |
MEDIUM
Physics
|
riverbed
|
rios
|
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: …
|
CWE-521
Weak Password Requirements
|
CVE-2017-7305
|
2024-11-21 12:31 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255336
|
7.5 |
HIGH
Network
|
horde
|
groupware
|
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enab…
|
CWE-78
OS Command
|
CVE-2017-7414
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255337
|
8.8 |
HIGH
Network
|
horde
|
groupware
|
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled…
|
CWE-78
OS Command
|
CVE-2017-7413
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255338
|
8.8 |
HIGH
Network
|
d-link
|
dir-615_firmware
|
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin i…
|
CWE-352
Origin Validation Error
|
CVE-2017-7398
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255339
|
8.2 |
HIGH
Local
|
xen
|
xen
|
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-7228
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255340
|
7.8 |
HIGH
Local
|
nixos
|
nixos
|
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
|
NVD-CWE-noinfo
|
CVE-2017-7412
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
