|
252601
|
7.5 |
HIGH
Network
|
insteon
|
insteon_hub_firmware
|
An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An …
|
CWE-287
Improper Authentication
|
CVE-2017-16348
|
2024-11-21 12:16 |
2018-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252602
|
9.8 |
CRITICAL
Network
|
tridium
|
niagara
niagara_ax_framework
|
An attacker can log into the local Niagara platform (Niagara AX Framework Versions 3.8 and prior or Niagara 4 Framework Versions 4.4 and prior) using a disabled account name and a blank password, gra…
|
CWE-287
Improper Authentication
|
CVE-2017-16748
|
2024-11-21 12:16 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252603
|
7.2 |
HIGH
Network
|
tridium
|
niagara_ax_framework
niagara
|
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid pl…
|
CWE-22
Path Traversal
|
CVE-2017-16744
|
2024-11-21 12:16 |
2018-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252604
|
5.9 |
MEDIUM
Network
|
sensiolabs
debian
|
symfony
debian_linux
|
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different token…
|
NVD-CWE-noinfo
|
CVE-2017-16653
|
2024-11-21 12:16 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252605
|
8.1 |
HIGH
Network
|
insteon
|
hub_firmware
|
Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should se…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-16252
|
2024-11-21 12:16 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252606
|
6.5 |
MEDIUM
Network
|
sensiolabs
debian
|
symfony
debian_linux
|
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST …
|
CWE-20
Improper Input Validation
|
CVE-2017-16790
|
2024-11-21 12:16 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252607
|
7.5 |
HIGH
Network
|
sensiolabs
debian
|
symfony
debian_linux
|
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the …
|
CWE-22
Path Traversal
|
CVE-2017-16654
|
2024-11-21 12:16 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252608
|
8.1 |
HIGH
Network
|
sap
|
business_planning_and_consolidation
|
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in info…
|
CWE-611
XXE
|
CVE-2017-16349
|
2024-11-21 12:16 |
2018-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252609
|
9.9 |
CRITICAL
Network
|
insteon
|
hub_firmware
|
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to th…
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-16347
|
2024-11-21 12:16 |
2018-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252610
|
9.9 |
CRITICAL
Network
|
insteon
|
hub_firmware
|
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to th…
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-16346
|
2024-11-21 12:16 |
2018-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
