Latest CVE Feed
-
6.1
MEDIUM CVE-2017-15682
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
- Affected Products: crafter_cms
- Published: Nov. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-15681
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
- Affected Products: crafter_cms
- Published: Nov. 27, 2020
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2017-15680
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
- Affected Products: crafter_cms
- Published: Nov. 27, 2020
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-15665
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.
- Affected Products: diskboss
- Published: Jan. 10, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-15664
In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.
- Affected Products: syncbreeze
- Published: Jan. 10, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-15663
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.
- Affected Products: disk_pulse
- Published: Jan. 10, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-15662
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.
- Affected Products: vx_search
- Published: Jan. 10, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-15656
Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
- Affected Products: asuswrt
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
9.6
CRITICAL CVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the ...
- Affected Products: asuswrt
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
8.3
HIGH CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
- Affected Products: asuswrt
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent str...
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2017-15652
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: So...
- Affected Products: ghostscript
- Published: May. 23, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2017-15640
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.
- Affected Products: phpipam
- Published: Apr. 21, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-15637
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-15636
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-15635
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-15634
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-15633
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-15632
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-15631
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
- Affected Products: er5110g_firmware er5120g_firmware er5510g_firmware er5520g_firmware r4149g_firmware r4239g_firmware r4299g_firmware r473gp-ac_firmware r473g_firmware r473p-ac_firmware +66 more products
- Published: Jan. 11, 2018
- Modified: Nov. 21, 2024