|
257711
|
6.5 |
MEDIUM
Network
|
advantech
|
webaccess
|
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
|
CWE-416
Use After Free
|
CVE-2017-16732
|
2024-11-21 12:16 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257712
|
6.1 |
MEDIUM
Network
|
websitebaker
|
websitebaker
|
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16514
|
2024-11-21 12:16 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257713
|
10.0 |
CRITICAL
Network
|
rockwellautomation
|
1766-l32bxba_firmware
1766-l32awa_firmware
1766-l32bxb_firmware
1766-l32bwaa_firmware
1766-l32awaa_firmware
1766-l32bwa_firmware
|
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16740
|
2024-11-21 12:16 |
2018-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257714
|
8.8 |
HIGH
Network
|
xplico
|
xplico
|
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentic…
|
CWE-78
OS Command
|
CVE-2017-16666
|
2024-11-21 12:16 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257715
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
|
CWE-20
Improper Input Validation
|
CVE-2017-16753
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257716
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invali…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16728
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257717
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16724
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257718
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
|
CWE-22
Path Traversal
|
CVE-2017-16720
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257719
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
|
CWE-89
SQL Injection
|
CVE-2017-16716
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257720
|
4.8 |
MEDIUM
Network
|
synology
|
mailplus_server
|
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16768
|
2024-11-21 12:16 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
