CVE-2017-17707
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-17707
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pleasant Password Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Pleasant Password Server是加拿大Pleasant Solutions公司的一款多用户密码管理器。 Pleasant Password Server 7.8.3之前版本中存在安全漏洞,该漏洞源于程序没有进行权限检测。攻击者可借助相应的‘CredentialId’值利用该漏洞列出、上传或删除附件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2017-17707
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-17707
请登录查看更多情报信息。
- https://www.profundis-labs.com/advisories/CVE-2017-17707.txtx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-17707
Same Patch Batch · n/a · 2018-07-31 · 16 CVEs total
| CVE-2018-14300 | Foxit Reader和PhantomPDF 安全漏洞 | |
| CVE-2016-8657 | Red Hat JBoss Enterprise Application Platform 权限许可和访问控制问题漏洞 | |
| CVE-2017-13652 | NetApp OnCommand Insight 安全漏洞 | |
| CVE-2017-17708 | Pleasant Password Server 安全漏洞 | |
| CVE-2018-11338 | Intuit Lacerte 2017 for Windows 安全漏洞 | |
| CVE-2018-12939 | SeedDMS 路径遍历漏洞 | |
| CVE-2018-12940 | SeedDMS 安全漏洞 | |
| CVE-2018-12941 | SeedDMS 安全漏洞 | |
| CVE-2018-12942 | SeedDMS SQL注入漏洞 | |
| CVE-2018-12943 | SeedDMS 跨站脚本漏洞 | |
| CVE-2018-12944 | SeedDMS 跨站脚本漏洞 | |
| CVE-2018-14432 | OpenStack Keystone Federation组件安全漏洞 | |
| CVE-2018-14533 | Inteno IOPSYS 安全漏洞 | |
| CVE-2018-14581 | Redgate .NET Reflector和SmartAssembly 安全漏洞 | |
| CVE-2018-14767 | Kamailio 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2017-17707
No comments yet