|
273741
|
8.1 |
HIGH
Network
|
allroundautomations
|
pl\/sql_developer
|
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2016-2346
|
2024-11-21 11:48 |
2016-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273742
|
7.5 |
HIGH
Network
|
systech
|
syslink_sl-1000_modular_gateway_firmware
|
SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to …
|
CWE-310
Cryptographic Issues
|
CVE-2016-2333
|
2024-11-21 11:48 |
2016-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273743
|
8.8 |
HIGH
Network
|
systech
|
syslink_sl-1000_modular_gateway_firmware
|
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 506…
|
CWE-77
Command Injection
|
CVE-2016-2332
|
2024-11-21 11:48 |
2016-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273744
|
9.8 |
CRITICAL
Network
|
systech
|
syslink_sl-1000_modular_gateway_firmware
|
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access vi…
|
CWE-255
Credentials Management
|
CVE-2016-2331
|
2024-11-21 11:48 |
2016-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273745
|
8.2 |
HIGH
Local
|
symantec
|
messaging_gateway
|
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.
|
CWE-74
Injection
|
CVE-2016-2204
|
2024-11-21 11:48 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273746
|
7.8 |
HIGH
Local
|
symantec
|
messaging_gateway
|
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
|
CWE-255
Credentials Management
|
CVE-2016-2203
|
2024-11-21 11:48 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273747
|
8.8 |
HIGH
Adjacent
|
lemurmonitors
|
bluedriver
|
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leverag…
|
CWE-284
Improper Access Control
|
CVE-2016-2354
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273748
|
7.5 |
HIGH
Network
|
ecava
|
integraxor
|
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
|
CWE-310
Cryptographic Issues
|
CVE-2016-2306
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273749
|
6.1 |
MEDIUM
Network
|
ecava
|
integraxor
|
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2016-2305
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273750
|
4.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive inf…
|
CWE-200
Information Exposure
|
CVE-2016-2304
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
