CVE-2017-5620 (zammad)
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Source: CVE-2017-5620 (zammad)
CVE-2015-4407 (ds-76xxx_series_firmware, ds-77xxx_series_firmware)
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.
Source: CVE-2015-4407 (ds-76xxx_series_firmware, ds-77xxx_series_firmware)
CVE-2015-4408 (ds-76xxx_series_firmware, ds-77xxx_series_firmware)
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.
Source: CVE-2015-4408 (ds-76xxx_series_firmware, ds-77xxx_series_firmware)
CVE-2015-4409 (ds-76xxx_series_firmware, ds-77xxx_series_firmware)
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.
Source: CVE-2015-4409 (ds-76xxx_series_firmware, ds-77xxx_series_firmware)
CVE-2017-5929 (logback)
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Source: CVE-2017-5929 (logback)
CVE-2017-6180
Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vulnerability affecting goform/formChnUserPwd and goform/formUserMng (and the entire set of other pages).
Source: CVE-2017-6180
CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Source: CVE-2017-5929
CVE-2017-6081
A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Source: CVE-2017-6081
CVE-2017-5620
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Source: CVE-2017-5620
CVE-2017-6080
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
Source: CVE-2017-6080