Search Results (2292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-16757 1 Hola 1 Vpn 2025-04-20 N/A
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.
CVE-2017-16754 1 Boltcms 1 Bolt 2025-04-20 N/A
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
CVE-2017-16659 1 Anti-spam Smtp Proxy Project 1 Anti-spam Smtp Proxy 2025-04-20 7.8 High
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
CVE-2017-15877 1 Sistemagpweb 1 Gpweb 2025-04-20 N/A
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
CVE-2017-9615 1 Cognito 1 Moneyworks 2025-04-20 N/A
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.
CVE-2017-9606 1 Infotecs 2 Vipnet Client, Vipnet Coordinator 2025-04-20 N/A
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
CVE-2017-9602 1 Kbvault Mysql Project 1 Kbvault Mysql 2025-04-20 9.8 Critical
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.
CVE-2017-9514 1 Atlassian 1 Bamboo 2025-04-20 N/A
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.
CVE-2017-8857 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-20 N/A
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
CVE-2017-8856 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-20 N/A
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
CVE-2017-8858 1 Veritas 2 Netbackup, Netbackup Appliance 2025-04-20 N/A
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
CVE-2017-7889 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-20 7.8 High
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
CVE-2017-7850 1 Tenable 1 Nessus 2025-04-20 N/A
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode.
CVE-2017-0593 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.
CVE-2017-0830 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.
CVE-2015-3171 1 Sos Project 1 Sos 2025-04-20 5.5 Medium
sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.
CVE-2017-9494 1 Motorola 2 Mx011anm, Mx011anm Firmware 2025-04-20 N/A
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet.
CVE-2015-5284 1 Freeipa 1 Freeipa 2025-04-20 N/A
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
CVE-2017-9482 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.
CVE-2017-9479 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem.