|
252801
|
7.0 |
HIGH
Local
|
arm
|
arm-trusted-firmware
|
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-9607
|
2024-11-21 12:36 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252802
|
7.5 |
HIGH
Network
|
apache
|
solr
|
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this…
|
CWE-287
Improper Authentication
|
CVE-2017-9803
|
2024-11-21 12:36 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252803
|
7.5 |
HIGH
Network
|
apache
debian
|
http_server
debian_linux
|
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb…
|
CWE-416
Use After Free
|
CVE-2017-9798
|
2024-11-21 12:36 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252804
|
9.8 |
CRITICAL
Network
|
calendarscripts
|
watupro
|
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action…
|
CWE-89
SQL Injection
|
CVE-2017-9834
|
2024-11-21 12:36 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252805
|
7.8 |
HIGH
Local
|
ocaml
|
ocaml
|
OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."
|
NVD-CWE-noinfo
|
CVE-2017-9779
|
2024-11-21 12:36 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252806
|
9.8 |
CRITICAL
Network
|
paloaltonetworks
|
pan-os
|
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x be…
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2017-9458
|
2024-11-21 12:36 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252807
|
7.8 |
HIGH
Local
|
automatedlogic
carrier
|
i-vu
sitescan_web
automatedlogic_webctrl
|
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; AL…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9650
|
2024-11-21 12:36 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252808
|
7.0 |
HIGH
Local
|
automatedlogic
carrier
|
i-vu
sitescan_web
automatedlogic_webctrl
|
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2017-9644
|
2024-11-21 12:36 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252809
|
6.3 |
MEDIUM
Network
|
automatedlogic
carrier
|
sitescan_web
i-vu
automatedlogic_webctrl
|
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC …
|
CWE-22
Path Traversal
|
CVE-2017-9640
|
2024-11-21 12:36 |
2017-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252810
|
5.4 |
MEDIUM
Network
|
synology
|
photo_station
|
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9555
|
2024-11-21 12:36 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
