|
248671
|
9.8 |
CRITICAL
Network
|
abb
|
ip_gateway_firmware
|
In ABB IP GATEWAY 3.39 and prior, some configuration files contain passwords stored in plain-text, which may allow an attacker to gain unauthorized access.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-7933
|
2024-11-21 12:32 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248672
|
9.8 |
CRITICAL
Network
|
abb
|
ip_gateway_firmware
|
In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the configuration files and application pages without au…
|
CWE-287
Improper Authentication
|
CVE-2017-7931
|
2024-11-21 12:32 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248673
|
8.8 |
HIGH
Network
|
abb
|
ip_gateway_firmware
|
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating tha…
|
CWE-352
Origin Validation Error
|
CVE-2017-7906
|
2024-11-21 12:32 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248674
|
5.3 |
MEDIUM
Network
|
qnap
|
nas_proxy_server
|
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
|
CWE-287
Improper Authentication
|
CVE-2017-7639
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248675
|
9.8 |
CRITICAL
Network
|
qnap
|
nas_proxy_server
|
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
|
CWE-78
OS Command
|
CVE-2017-7637
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248676
|
6.1 |
MEDIUM
Network
|
qnap
|
nas_proxy_server
|
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7636
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248677
|
8.8 |
HIGH
Network
|
qnap
|
nas_proxy_server
|
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
|
CWE-352
Origin Validation Error
|
CVE-2017-7635
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248678
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of serv…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-7654
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248679
|
5.3 |
MEDIUM
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect the…
|
CWE-20
Improper Input Validation
|
CVE-2017-7653
|
2024-11-21 12:32 |
2018-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248680
|
7.5 |
HIGH
Network
|
eclipse
debian
|
mosquitto
debian_linux
|
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lo…
|
NVD-CWE-noinfo
|
CVE-2017-7652
|
2024-11-21 12:32 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
