CVEs from 2017
- Total: 11,607
- critical: 1,650
- high: 5,044
- medium: 4,169
- low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0195 | medium | 5.4 | 5.4 | 9y ago | Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office O… | |||
| CVE-2017-0184 | medium | 5.4 | 5.4 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Se… | |||
| CVE-2017-0178 | medium | 5.4 | 5.4 | 9y ago | A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails… | |||
| CVE-2017-0169 | medium | 5.4 | 5.4 | 9y ago | An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input fro… | |||
| CVE-2017-3888 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack ag… | |||
| CVE-2017-5900 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 paramete… | |||
| CVE-2017-7298 | medium | 5.4 | 5.4 | 9y ago | Moodle Cross-site Scripting in the Course summary filter of the Add a new course | |||
| CVE-2017-6864 | medium | 5.4 | 5.4 | 9y ago | The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | |||
| CVE-2017-6878 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php. | |||
| CVE-2017-7257 | medium | 5.4 | 5.4 | 9y ago | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack. | |||
| CVE-2017-7256 | medium | 5.4 | 5.4 | 9y ago | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack. | |||
| CVE-2017-7255 | medium | 5.4 | 5.4 | 9y ago | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. Someone must login to conduct the attack. | |||
| CVE-2017-1146 | medium | 5.4 | 5.4 | 9y ago | IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2017-3874 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Informati… | |||
| CVE-2017-3869 | medium | 5.4 | 5.4 | 9y ago | An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. T… | |||
| CVE-2017-0099 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allo… | |||
| CVE-2017-0098 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V … | |||
| CVE-2017-0097 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest O… | |||
| CVE-2017-0076 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest O… | |||
| CVE-2017-0074 | medium | 5.4 | 5.4 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest O… | |||
| CVE-2017-0051 | medium | 5.4 | 5.4 | 9y ago | Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of… | |||
| CVE-2017-5584 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated u… | |||
| CVE-2017-6817 | medium | 5.4 | 5.4 | 9y ago | In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | |||
| CVE-2017-6814 | medium | 5.4 | 5.4 | 9y ago | In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortco… | |||
| CVE-2017-6556 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings … | |||
| CVE-2017-6555 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description paramet… | |||
| CVE-2017-1133 | medium | 5.4 | 5.4 | 9y ago | IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to … | |||
| CVE-2017-5832 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | |||
| CVE-2017-3847 | medium | 5.4 | 5.4 | 9y ago | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interf… | |||
| CVE-2017-5998 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name paramete… | |||
| CVE-2017-1121 | medium | 5.4 | 5.4 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f… | |||
| CVE-2017-3902 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing … | |||
| CVE-2017-1128 | medium | 5.4 | 5.4 | 10y ago | IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-1127 | medium | 5.4 | 5.4 | 10y ago | IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … | |||
| CVE-2017-5875 | medium | 5.4 | 5.4 | 10y ago | XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | |||
| CVE-2017-3810 | medium | 5.4 | 5.4 | 10y ago | A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected s… | |||
| CVE-2017-3799 | medium | 5.4 | 5.4 | 10y ago | A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T2… | |||
| CVE-2017-3795 | medium | 5.4 | 5.4 | 10y ago | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. K… | |||
| CVE-2017-5553 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a jav… | |||
| CVE-2017-5515 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names. | |||
| CVE-2017-5494 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (… | |||
| CVE-2017-5179 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2017-0360 | medium | 5.3 | 5.3 | 4y ago | file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerabil… | |||
| CVE-2017-17927 | medium | 5.3 | 5.3 | 9y ago | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | |||
| CVE-2017-17926 | medium | 5.3 | 5.3 | 9y ago | PHP Scripts Mall Professional Service Script has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | |||
| CVE-2017-17924 | medium | 5.3 | 5.3 | 9y ago | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | |||
| CVE-2017-1698 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. | |||
| CVE-2017-16735 | medium | 5.3 | 5.3 | 9y ago | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | |||
| CVE-2017-16733 | medium | 5.3 | 5.3 | 9y ago | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information … | |||
| CVE-2017-1423 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. | |||
| CVE-2017-17776 | medium | 5.3 | 5.3 | 9y ago | Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. | |||
| CVE-2017-10905 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | |||
| CVE-2017-11919 | medium | 5.3 | 5.3 | 9y ago | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows … | |||
| CVE-2017-11887 | medium | 5.3 | 5.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows … | |||
| CVE-2017-16687 | medium | 5.3 | 5.3 | 9y ago | The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid use… | |||
| CVE-2017-17553 | medium | 5.3 | 5.3 | 9y ago | The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malici… | |||
| CVE-2017-1613 | medium | 5.3 | 5.3 | 9y ago | IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. | |||
| CVE-2017-1548 | medium | 5.3 | 5.3 | 9y ago | IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view… | |||
| CVE-2017-15943 | medium | 5.3 | 5.3 | 9y ago | The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before … | |||
| CVE-2017-11301 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11300 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11299 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11298 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-11297 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||
| CVE-2017-13165 | medium | 5.3 | 5.3 | 9y ago | An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937. | |||
| CVE-2017-14905 | medium | 5.3 | 5.3 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can oc… | |||
| CVE-2017-14903 | medium | 5.3 | 5.3 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload… | |||
| CVE-2017-12080 | medium | 5.3 | 5.3 | 9y ago | An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information… | |||
| CVE-2017-3764 | medium | 5.3 | 5.3 | 9y ago | A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. N… | |||
| CVE-2017-12363 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficien… | |||
| CVE-2017-12355 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS … | |||
| CVE-2017-12354 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnera… | |||
| CVE-2017-8031 | medium | 5.3 | 5.3 | 9y ago | Cloud Foundry UAA Denial of Service through client token revocation endpoint | |||
| CVE-2017-8213 | medium | 5.3 | 5.3 | 9y ago | Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an inp… | |||
| CVE-2017-8177 | medium | 5.3 | 5.3 | 9y ago | Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Su… | |||
| CVE-2017-8121 | medium | 5.3 | 5.3 | 9y ago | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |||
| CVE-2017-2720 | medium | 5.3 | 5.3 | 9y ago | FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increa… | |||
| CVE-2017-2712 | medium | 5.3 | 5.3 | 9y ago | S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them t… | |||
| CVE-2017-13702 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. | |||
| CVE-2017-1000211 | medium | 5.3 | 5.3 | 9y ago | Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself. | |||
| CVE-2017-1000226 | medium | 5.3 | 5.3 | 9y ago | Stop User Enumeration 1.3.8 allows user enumeration via the REST API | |||
| CVE-2017-1000246 | medium | 5.3 | 5.3 | 9y ago | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | |||
| CVE-2017-0860 | medium | 5.3 | 5.3 | 9y ago | An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064. | |||
| CVE-2017-0851 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570. | |||
| CVE-2017-0850 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941. | |||
| CVE-2017-0849 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. | |||
| CVE-2017-0848 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217. | |||
| CVE-2017-11022 | medium | 5.3 | 5.3 | 9y ago | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which… | |||
| CVE-2017-12309 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the… | |||
| CVE-2017-12303 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to byp… | |||
| CVE-2017-12299 | medium | 5.3 | 5.3 | 9y ago | A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker t… | |||
| CVE-2017-15272 | medium | 5.3 | 5.3 | 9y ago | The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "… | |||
| CVE-2017-8812 | medium | 5.3 | 5.3 | 9y ago | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | |||
| CVE-2017-12737 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected … | |||
| CVE-2017-11834 | medium | 5.3 | 5.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Serv… | |||
| CVE-2017-10266 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerabi… | |||
| CVE-2017-16754 | medium | 5.3 | 5.3 | 9y ago | Bolt Improper Access Control | |||
| CVE-2017-16673 | medium | 5.3 | 5.3 | 9y ago | Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this … | |||
| CVE-2017-12083 | medium | 5.3 | 5.3 | 9y ago | An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump stri… | |||
| CVE-2017-12295 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain inf… |