Latest CVE Feed
-
9.1
CRITICALCVE-2015-1555
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.... Read more
Affected Products : zend_framework- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-12647
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.... Read more
Affected Products : liferay_portal- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
9.0
HIGHCVE-2017-12479
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing lo... Read more
Affected Products : unitrends_backup- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9632
A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, Lase... Read more
- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-6769
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected s... Read more
Affected Products : secure_access_control_system- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-6766
A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypt... Read more
- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-6762
A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management inte... Read more
Affected Products : jabber_guest- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
6.8
MEDIUMCVE-2017-6759
A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attac... Read more
Affected Products : prime_collaboration_provisioning- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGHCVE-2017-6745
A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to... Read more
Affected Products : videoscape_distribution_suite_for_television- Published: Aug. 07, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGHCVE-2017-12584
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled pa... Read more
Affected Products : senayan_library_management_system- Published: Aug. 06, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-9864
An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9861
An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to succ... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9859
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack t... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall ... Read more
Affected Products : sunny_boy_3600_firmware sunny_boy_5000_firmware sunny_tripower_core1_firmware sunny_tripower_15000tl_firmware sunny_tripower_20000tl_firmware sunny_tripower_25000tl_firmware sunny_tripower_5000tl_firmware sunny_tripower_12000tl_firmware sunny_tripower_60_firmware sunny_boy_3000tl_firmware +68 more products- Published: Aug. 05, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-2221
Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more
Affected Products : baidu_ime- Published: Aug. 04, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-10817
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.... Read more
Affected Products : malion- Published: Aug. 04, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-1327
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more
Affected Products : inotes- Published: Aug. 03, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGHCVE-2017-11393
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN... Read more
Affected Products : officescan- Published: Aug. 03, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-11390
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.... Read more
Affected Products : control_manager- Published: Aug. 02, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-11385
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.... Read more
Affected Products : control_manager- Published: Aug. 02, 2017
- Modified: Apr. 20, 2025