|
247971
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed poi…
|
CWE-416
Use After Free
|
CVE-2017-2891
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247972
|
8.8 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An atta…
|
CWE-78
OS Command
|
CVE-2017-2890
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247973
|
7.5 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeated…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-2889
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247974
|
7.5 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-2884
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247975
|
8.1 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code…
|
NVD-CWE-noinfo
|
CVE-2017-2883
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247976
|
8.1 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive fil…
|
NVD-CWE-noinfo
|
CVE-2017-2882
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247977
|
8.8 |
HIGH
Adjacent
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-suppli…
|
NVD-CWE-noinfo
|
CVE-2017-2881
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247978
|
8.8 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP re…
|
CWE-78
OS Command
|
CVE-2017-2866
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247979
|
7.5 |
HIGH
Adjacent
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An at…
|
NVD-CWE-noinfo
|
CVE-2017-2865
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247980
|
9.8 |
CRITICAL
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be retur…
|
CWE-287
Improper Authentication
|
CVE-2017-2864
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
