|
265011
|
8.8 |
HIGH
Network
|
draytek
|
vigorap_910c_firmware
|
Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for reque…
|
CWE-352
Origin Validation Error
|
CVE-2017-11649
|
2024-11-21 12:08 |
2018-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265012
|
7.5 |
HIGH
Network
|
-
|
wireless_ip_camera_360
|
An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.
|
CWE-200
Information Exposure
|
CVE-2017-11635
|
2024-11-21 12:08 |
2018-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265013
|
9.8 |
CRITICAL
Network
|
-
|
wireless_ip_camera_360
|
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11634
|
2024-11-21 12:08 |
2018-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265014
|
7.5 |
HIGH
Network
|
-
|
wireless_ip_camera_360
|
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.
|
NVD-CWE-noinfo
|
CVE-2017-11633
|
2024-11-21 12:08 |
2018-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265015
|
9.8 |
CRITICAL
Network
|
-
|
wireless_ip_camera_360
|
An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a T…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11632
|
2024-11-21 12:08 |
2018-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265016
|
8.8 |
HIGH
Network
|
keycloak
|
keycloak
|
It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious pa…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-12161
|
2024-11-21 12:08 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265017
|
9.8 |
CRITICAL
Network
|
debian
x.org
|
debian_linux
xorg-server
|
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
|
CWE-20
Improper Input Validation
|
CVE-2017-12180
|
2024-11-21 12:08 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265018
|
9.8 |
CRITICAL
Network
|
debian
x.org
|
debian_linux
xorg-server
|
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12179
|
2024-11-21 12:08 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265019
|
9.8 |
CRITICAL
Network
|
debian
x.org
|
debian_linux
xorg-server
|
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
|
CWE-20
Improper Input Validation
|
CVE-2017-12178
|
2024-11-21 12:08 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265020
|
9.8 |
CRITICAL
Network
|
debian
x.org
|
debian_linux
xorg-server
|
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12177
|
2024-11-21 12:08 |
2018-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
