Export limit exceeded: 45936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363331 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363331 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7409 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.
CVE-2017-7410 1 Websitebaker 1 Websitebaker 2025-04-20 9.8 Critical
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVE-2017-7411 1 Enalean 1 Tuleap 2025-04-20 N/A
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
CVE-2017-7413 1 Horde 1 Groupware 2025-04-20 N/A
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
CVE-2017-7414 1 Horde 1 Groupware 2025-04-20 N/A
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.
CVE-2017-7415 1 Atlassian 1 Confluence Server 2025-04-20 N/A
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
CVE-2017-7416 1 Ntop 1 Ntopng 2025-04-20 N/A
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.
CVE-2017-7418 1 Proftpd 1 Proftpd 2025-04-20 N/A
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
CVE-2017-7420 1 Microfocus 3 Enterprise Developer, Enterprise Server, Enterprise Server Monitor And Control 2025-04-20 N/A
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).
CVE-2017-7421 1 Microfocus 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more 2025-04-20 N/A
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.
CVE-2017-7422 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-7423 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.
CVE-2017-7424 1 Microfocus 2 Enterprise Developer, Enterprise Server 2025-04-20 N/A
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-7425 1 Netiq 1 Imanager 2025-04-20 N/A
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
CVE-2017-7430 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
CVE-2017-7431 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
CVE-2017-7432 2 Netiq, Novell 2 Imanager, Imanager 2025-04-20 N/A
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
CVE-2017-7433 1 Micro Focus 1 Vibe 2025-04-20 N/A
An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).
CVE-2017-7439 1 Netapp 1 Oncommand Unified Manager Core Package 2025-04-20 N/A
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.
CVE-2017-7440 3 Apple, Gfi, Microsoft 4 Macos, Kerio Connect, Kerio Connect Client and 1 more 2025-04-20 6.5 Medium
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.