| 257761 | 7.5 | HIGH, Network | qnap | qts_helpdesk | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attack… | CWE-89 SQL Injection | CVE-2017-13068 | 2024-11-21 12:10 | 2017-10-7 |
| 257762 | 7.8 | HIGH, Local | myscada | mypro | An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary… | CWE-428 Unquoted Search Path or Element | CVE-2017-12730 | 2024-11-21 12:10 | 2017-10-6 |
| 257763 | 6.8 | MEDIUM, Adjacent | ge | intelligent_platforms_proficy_hmi/scada_cimplicity | A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allow… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12732 | 2024-11-21 12:10 | 2017-10-6 |
| 257764 | 7.8 | HIGH, Local | spidercontrol | scada_webserver | An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executable… | CWE-269 Improper Privilege Management | CVE-2017-12728 | 2024-11-21 12:10 | 2017-10-5 |
| 257765 | 9.9 | CRITICAL, Network | sentinel | sentinel_ldk_rte_firmware | Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | CWE-306 Missing Authentication for Critical Function | CVE-2017-12822 | 2024-11-21 12:10 | 2017-10-4 |
| 257766 | 9.8 | CRITICAL, Network | sentinel | sentinel_ldk_rte_firmware | Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12821 | 2024-11-21 12:10 | 2017-10-4 |
| 257767 | 7.5 | HIGH, Network | sentinel | sentinel_ldk_rte_firmware | Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12820 | 2024-11-21 12:10 | 2017-10-4 |
| 257768 | 9.8 | CRITICAL, Network | sentinel | sentinel_ldk_rte_firmware | Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. | CWE-287 Improper Authentication | CVE-2017-12819 | 2024-11-21 12:10 | 2017-10-4 |
| 257769 | 7.5 | HIGH, Network | sentinel | sentinel_ldk_rte_firmware | Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-12818 | 2024-11-21 12:10 | 2017-10-4 |
| 257770 | 6.1 | MEDIUM, Network | nexusphp_project | nexusphp | Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) a… | CWE-79 Cross-site Scripting | CVE-2017-12792 | 2024-11-21 12:10 | 2017-10-3 |