|
264861
|
8.1 |
HIGH
Network
|
moxa
|
awk-3131a_firmware
|
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication reque…
|
CWE-613
Insufficient Session Expiration
|
CVE-2016-8712
|
2024-11-21 11:59 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264862
|
6.1 |
MEDIUM
Network
|
moxa
|
awk-3131a_firmware
|
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multi…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8719
|
2024-11-21 11:59 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264863
|
8.8 |
HIGH
Network
|
moxa
|
awk-3131a_firmware
|
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a …
|
CWE-352
Origin Validation Error
|
CVE-2016-8718
|
2024-11-21 11:59 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264864
|
7.5 |
HIGH
Adjacent
|
moxa
|
awk-3131a_firmware
|
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functiona…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2016-8716
|
2024-11-21 11:59 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264865
|
8.1 |
HIGH
Network
|
lenovo
|
updates
|
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8237
|
2024-11-21 11:59 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264866
|
7.8 |
HIGH
Local
|
lenovo
|
customer_care_software_development_kit
|
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8235
|
2024-11-21 11:59 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264867
|
7.5 |
HIGH
Adjacent
|
huawei
|
oceanstor_5600_v3_firmware
|
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-8754
|
2024-11-21 11:59 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264868
|
6.5 |
MEDIUM
Network
|
huawei
|
anyoffice
|
Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.
|
CWE-20
Improper Input Validation
|
CVE-2016-8275
|
2024-11-21 11:59 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264869
|
7.8 |
HIGH
Local
|
huawei
|
hisuite
|
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code.
|
CWE-284
Improper Access Control
|
CVE-2016-8274
|
2024-11-21 11:59 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264870
|
7.8 |
HIGH
Local
|
huawei
|
hisuite
|
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can la…
|
CWE-20
CWE-284
Improper Input Validation
Improper Access Control
|
CVE-2016-8273
|
2024-11-21 11:59 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
