Search

Search Results (363819 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7554 1 Redhat 1 Mobile Application Platform 2025-04-20 N/A
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
CVE-2017-7555 2 Augeas, Redhat 5 Augeas, Enterprise Linux, Rhel Aus and 2 more 2025-04-20 N/A
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
CVE-2017-7556 1 Hawt 1 Hawtio 2025-04-20 N/A
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
CVE-2017-7560 1 Redhat 1 Rhnsd 2025-04-20 N/A
It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.
CVE-2017-7561 1 Redhat 1 Jboss Enterprise Application Platform 2025-04-20 N/A
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
CVE-2017-7565 1 Splunk 1 Hadoop Connect 2025-04-20 N/A
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
CVE-2017-7569 1 Vbulletin 1 Vbulletin 2025-04-20 N/A
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
CVE-2017-7570 1 Pivotx 1 Pivotx 2025-04-20 N/A
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
CVE-2017-7571 1 Ladybirdweb 1 Faveo Helpdesk 2025-04-20 8.0 High
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
CVE-2017-7572 1 Backintime Project 1 Backintime 2025-04-20 N/A
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
CVE-2017-7576 1 Dragonwavex 2 Horizon Wireless Radio, Horizon Wireless Radio Firmware 2025-04-20 9.8 Critical
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8.
CVE-2017-7577 1 Xiongmaitech 1 Uc-httpd 2025-04-20 N/A
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.
CVE-2017-7578 1 Libming 1 Libming 2025-04-20 N/A
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.
CVE-2017-7579 1 Phpmyfaq 1 Phpmyfaq 2025-04-20 N/A
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
CVE-2017-7581 1 News System Project 1 News System 2025-04-20 N/A
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
CVE-2017-7583 1 Ilias 1 Ilias 2025-04-20 N/A
ILIAS before 5.2.3 has XSS via SVG documents.
CVE-2017-7584 1 Foxitsoftware 1 Foxit Pdf Toolkit 2025-04-20 N/A
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
CVE-2017-7585 1 Libsndfile Project 1 Libsndfile 2025-04-20 N/A
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7586 1 Libsndfile Project 1 Libsndfile 2025-04-20 N/A
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-7588 1 Brother 33 Ads-1000w, Ads-1500w, Ads-2500w and 30 more 2025-04-20 N/A
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.