| 198591 | 7.2 | HIGH | Network | planex | cs-qr20_firmware | An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management… | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2017-12576 | 2024-11-21 12:09 | 2018-08-25 |
| 198592 | 7.5 | HIGH | Network | aterm | wg2600hp2_firmware | An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker co… | CWE-306 Missing Authentication for Critical Function | CVE-2017-12575 | 2024-11-21 12:09 | 2018-08-25 |
| 198593 | 9.8 | CRITICAL | Network | planex | cs-w50hd_firmware | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting… | CWE-798 Use of Hard-coded Credentials | CVE-2017-12574 | 2024-11-21 12:09 | 2018-08-25 |
| 198594 | 8.8 | HIGH | Network | planex | cs-w50hd_firmware | An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". A… | NVD-CWE-noinfo | CVE-2017-12573 | 2024-11-21 12:09 | 2018-08-25 |
| 198595 | 6.1 | MEDIUM | Network | apache | airflow | It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other br… | CWE-79 Cross-site Scripting | CVE-2017-12614 | 2024-11-21 12:09 | 2018-08-6 |
| 198596 | 4.8 | MEDIUM | Network | redhat | openshift_container_platform | A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later ac… | - | CVE-2017-12195 | 2024-11-21 12:09 | 2018-07-28 |
| 198597 | 6.8 | MEDIUM | Network | apache | kafka | In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication w… | CWE-287 Improper Authentication | CVE-2017-12610 | 2024-11-21 12:09 | 2018-07-26 |
| 198598 | 5.9 | MEDIUM | Network | redhat | undertow jboss_fuse virtualization jboss_enterprise_application_platform | undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matc… | CWE-863 Incorrect Authorization | CVE-2017-12196 | 2024-11-21 12:09 | 2018-04-18 |
| 198599 | 5.9 | MEDIUM | Network | cisco | ios ios_xe | A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to r… | NVD-CWE-noinfo | CVE-2017-12319 | 2024-11-21 12:09 | 2018-03-27 |
| 198600 | 7.5 | HIGH | Network | cisco | spark_hybrid_calendar_service | A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP … | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2017-12310 | 2024-11-21 12:09 | 2018-03-27 |