|
250761
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack…
|
CWE-89
SQL Injection
|
CVE-2017-5154
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250762
|
7.8 |
HIGH
Local
|
osisoft
|
pi_coresight
pi_web_api
|
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure thr…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-5153
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250763
|
9.1 |
CRITICAL
Network
|
advantech
|
webaccess
|
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICA…
|
CWE-287
Improper Authentication
|
CVE-2017-5152
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250764
|
7.3 |
HIGH
Network
|
panasonic
|
video_insight_web_client
|
An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution.
|
CWE-89
SQL Injection
|
CVE-2017-5151
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250765
|
7.5 |
HIGH
Network
|
carlosgavazzi
|
vmu-c_em_firmware
vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
|
CWE-200
Information Exposure
|
CVE-2017-5146
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250766
|
10.0 |
CRITICAL
Network
|
carlosgavazzi
|
vmu-c_em_firmware
vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vuln…
|
CWE-352
Origin Validation Error
|
CVE-2017-5145
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250767
|
9.8 |
CRITICAL
Network
|
carlosgavazzi
|
vmu-c_em_firmware
vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions wi…
|
NVD-CWE-noinfo
|
CVE-2017-5144
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250768
|
8.6 |
HIGH
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal…
|
CWE-22
Path Traversal
|
CVE-2017-5143
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250769
|
9.1 |
CRITICAL
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the pa…
|
CWE-269
Improper Privilege Management
|
CVE-2017-5142
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250770
|
6.0 |
MEDIUM
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invali…
|
CWE-384
Session Fixation
|
CVE-2017-5141
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
