|
254901
|
4.5 |
MEDIUM
Network
|
admidio
|
admidio
|
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
|
CWE-352
Origin Validation Error
|
CVE-2017-8382
|
2024-11-21 12:33 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254902
|
5.4 |
MEDIUM
Network
|
infor
|
enterprise_asset_management
|
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7953
|
2024-11-21 12:33 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254903
|
8.8 |
HIGH
Network
|
infor
|
enterprise_asset_management
|
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
|
CWE-89
SQL Injection
|
CVE-2017-7952
|
2024-11-21 12:33 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254904
|
7.8 |
HIGH
Local
|
google
|
android
|
In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized a…
|
CWE-416
Use After Free
|
CVE-2017-8246
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254905
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bou…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8245
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254906
|
7.0 |
HIGH
Local
|
google
|
android
|
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at …
|
CWE-362
Race Condition
|
CVE-2017-8244
|
2024-11-21 12:33 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254907
|
5.5 |
MEDIUM
Local
|
conexant
|
mictray64
|
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKey…
|
CWE-200
Information Exposure
|
CVE-2017-8360
|
2024-11-21 12:33 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254908
|
5.5 |
MEDIUM
Local
|
schneider-electric
|
vampset
|
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7967
|
2024-11-21 12:33 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254909
|
5.5 |
MEDIUM
Local
|
ca
|
client_automation
|
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-8391
|
2024-11-21 12:33 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254910
|
6.1 |
MEDIUM
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8304
|
2024-11-21 12:33 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
