|
251971
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
|
CWE-22
Path Traversal
|
CVE-2017-16720
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251972
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
|
CWE-89
SQL Injection
|
CVE-2017-16716
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251973
|
4.8 |
MEDIUM
Network
|
synology
|
mailplus_server
|
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16768
|
2024-11-21 12:16 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251974
|
6.5 |
MEDIUM
Network
|
synology
|
diskstation_manager
|
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML vi…
|
CWE-74
Injection
|
CVE-2017-16766
|
2024-11-21 12:16 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251975
|
9.1 |
CRITICAL
Network
|
moxa
|
nport_w2150a_firmware
nport_w2250a_firmware
|
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user c…
|
CWE-521
Weak Password Requirements
|
CVE-2017-16727
|
2024-11-21 12:16 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251976
|
5.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
|
CWE-89
SQL Injection
|
CVE-2017-16735
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251977
|
5.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information …
|
CWE-89
SQL Injection
|
CVE-2017-16733
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251978
|
8.8 |
HIGH
Adjacent
|
hitachienergy
|
ellipse
|
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentic…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-16731
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251979
|
9.8 |
CRITICAL
Network
|
xiongmaitech
|
ahb7008f8-h_firmware
ahb7008f4-h_firmware
ahb7008f2-h_firmware
ahb7008t-mh-v2_firmware
ahb7004t-mh-v2_firmware
ahb7004t-h-v2_firmware
ahb7016t-lm-v2_firmware
ahb7008t-lm-v2_firmw…
|
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identifie…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16725
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251980
|
8.6 |
HIGH
Network
|
we-con
|
levi_studio_hmi
|
A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16717
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
