|
250841
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invali…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16728
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250842
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16724
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250843
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
|
CWE-22
Path Traversal
|
CVE-2017-16720
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250844
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
|
CWE-89
SQL Injection
|
CVE-2017-16716
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250845
|
4.8 |
MEDIUM
Network
|
synology
|
mailplus_server
|
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16768
|
2024-11-21 12:16 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250846
|
6.5 |
MEDIUM
Network
|
synology
|
diskstation_manager
|
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML vi…
|
CWE-74
Injection
|
CVE-2017-16766
|
2024-11-21 12:16 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250847
|
9.1 |
CRITICAL
Network
|
moxa
|
nport_w2150a_firmware
nport_w2250a_firmware
|
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user c…
|
CWE-521
Weak Password Requirements
|
CVE-2017-16727
|
2024-11-21 12:16 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250848
|
5.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
|
CWE-89
SQL Injection
|
CVE-2017-16735
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250849
|
5.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information …
|
CWE-89
SQL Injection
|
CVE-2017-16733
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250850
|
8.8 |
HIGH
Adjacent
|
hitachienergy
|
ellipse
|
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentic…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-16731
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
