CVE-2017-14984
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bpname parameter to /module/adminbp/addservices.php...
Authentication flaw
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...
Input validation
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before...
CVE-2017-11321
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command...
CVE-2017-13684
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption...
PT-2017-13767 · Intelbras · Intelbras Wrn 150
Name of the Vulnerable Software and Affected Versions: Intelbras WRN 150 devices (affected versions not specified). Description: The issue allows remote attackers to read the configuration file and bypass authentication by making a direct request for "cgi-bin/DownloadCfg/RouterCfm.cfg" with an...
CVE-2017-14526
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DT...
UBUNTU-CVE-2017-11191
DISPUTED. FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...
CVE-2017-11191
Summary: CVE-2017-11191 affects FreeIPA 4.x with API version 2.213, where a remote authenticated user can bypass account-locking by performing an unlock action using an old session ID for the same user. The vulnerability is described as a session hijacking/unlock bypass risk rooted in how unlocks...
CVE-2017-14527
CVE-2017-14527 affects OpenText Documentum Webtop 6.8.0160.0073. The vulnerability is an XML External Entity (XXE) injection in Webtop, triggered by crafted XML—specifically in a DTD within a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or via a crafted XML file in a Medi...
CVE-2017-14704
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proofsubmit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
CVE-2015-7317
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings...
CVE-2015-4684
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary fil...
Huawei E5756S Authentication Bypass Vulnerability
The Huawei E5756S is a Unicom 3G Internet card device from Huawei China. A security vulnerability exists in the Huawei E5756S V100R001B100D00SP00C00 version, which stems from an imperfect WebUI interface authentication mechanism. The vulnerability can be exploited by a remote attacker to view the...
Information disclosure
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges...
Dataprobe iBootBar Authorization Vulnerability
Dataprobe iBootBar is a remote power management solution from Dataprobe USA that provides serial ports, optional internal modem and DTMF audio dialing control. A security vulnerability exists in Dataprobe iBootBar using the 2007-09-20 beta firmware. A remote attacker can exploit this vulnerabilit...
CVE-2017-12421
NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 is affected by CVE-2017-12421. A remote authenticated attacker can execute arbitrary code on the storage controller via unspecified vectors. Impact is described as remote code execution with potential data exposure on affected ONTAP versions. Reme...
CVE-2014-8677
SO Planning (SOPlanning) 1.32 and earlier is vulnerable to multiple issues, including SQL injection, XSS and PHP code injection. Specifically, CVE-2014-8677 describes that remote authenticated users with a prepared database or the ability to create arbitrary databases, or PHP < 5.2 with an con...
CVE-2017-13670
In BlackCat CMS 1.2, CVE-2017-13670 describes a vulnerability where remote authenticated users can upload arbitrary files through the media/upload AJAX endpoint (backend/media/ajax_upload.php), demonstrated by a ZIP containing a PHP file. The available documents do not specify an exact exploit pa...