|
251831
|
9.9 |
CRITICAL
Network
|
insteon
|
hub_firmware
|
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-16256
|
2024-11-21 12:16 |
2023-01-12 |
|
251832
|
7.5 |
HIGH
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-16632
|
2024-11-21 12:16 |
2021-08-12 |
|
251833
|
6.5 |
MEDIUM
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16631
|
2024-11-21 12:16 |
2021-08-12 |
|
251834
|
8.8 |
HIGH
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user crea…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16630
|
2024-11-21 12:16 |
2021-08-12 |
|
251835
|
7.5 |
HIGH
Network
|
sapphireims
|
sapphireims
|
In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2017-16629
|
2024-11-21 12:16 |
2021-08-12 |
|
251836
|
4.6 |
MEDIUM
Physical
|
fermax
|
outdoor_panel_firmware
|
An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow phy…
|
CWE-863
Incorrect Authorization
|
CVE-2017-16778
|
2024-11-21 12:16 |
2019-12-24 |
|
251837
|
9.8 |
CRITICAL
Network
|
contao
|
contao_cms
|
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
|
CWE-89
SQL Injection
|
CVE-2017-16558
|
2024-11-21 12:16 |
2019-04-26 |
|
251838
|
6.1 |
MEDIUM
Network
|
synology
|
sso_server
|
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vec…
|
CWE-20
Improper Input Validation
|
CVE-2017-16775
|
2024-11-21 12:16 |
2019-04-2 |
|
251839
|
5.4 |
MEDIUM
Network
|
synology
|
diskstation_manager
|
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16774
|
2024-11-21 12:16 |
2019-04-2 |
|
251840
|
8.1 |
HIGH
Network
|
insteon
|
hub_firmware
|
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a …
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-16255
|
2024-11-21 12:16 |
2019-03-22 |
|