|
248011
|
7.5 |
HIGH
Network
|
wificam
|
wireless_ip_camera_\(p2p\)_firmware
|
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote atta…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-8221
|
2024-11-21 12:33 |
2017-04-26 |
|
248012
|
9.9 |
CRITICAL
Network
|
tp-link
|
c2_firmware c20i_firmware
|
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP P…
|
CWE-78
OS Command
|
CVE-2017-8220
|
2024-11-21 12:33 |
2017-04-26 |
|
248013
|
6.5 |
MEDIUM
Network
|
tp-link
|
c2_firmware c20i_firmware
|
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
|
CWE-20
Improper Input Validation
|
CVE-2017-8219
|
2024-11-21 12:33 |
2017-04-26 |
|
248014
|
9.8 |
CRITICAL
Network
|
tp-link
|
c2_firmware c20i_firmware
|
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2017-8218
|
2024-11-21 12:33 |
2017-04-26 |
|
248015
|
5.3 |
MEDIUM
Network
|
tp-link
|
c2_firmware c20i_firmware
|
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
|
CWE-862
Missing Authorization
|
CVE-2017-8217
|
2024-11-21 12:33 |
2017-04-26 |
|
248016
|
5.3 |
MEDIUM
Network
|
modx
|
modx_revolution
|
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.
|
CWE-22
Path Traversal
|
CVE-2017-8115
|
2024-11-21 12:33 |
2017-04-26 |
|
248017
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
|
CWE-200
Information Exposure
|
CVE-2017-8057
|
2024-11-21 12:33 |
2017-04-26 |
|
248018
|
6.5 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-7989
|
2024-11-21 12:33 |
2017-04-26 |
|
248019
|
5.3 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
|
NVD-CWE-noinfo
|
CVE-2017-7988
|
2024-11-21 12:33 |
2017-04-26 |
|
248020
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7987
|
2024-11-21 12:33 |
2017-04-26 |