|
254831
|
8.8 |
HIGH
Network
|
xplico
|
xplico
|
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentic…
|
CWE-78
OS Command
|
CVE-2017-16666
|
2024-11-21 12:16 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254832
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
|
CWE-20
Improper Input Validation
|
CVE-2017-16753
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254833
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invali…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16728
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254834
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16724
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254835
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
|
CWE-22
Path Traversal
|
CVE-2017-16720
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254836
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
|
CWE-89
SQL Injection
|
CVE-2017-16716
|
2024-11-21 12:16 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254837
|
4.8 |
MEDIUM
Network
|
synology
|
mailplus_server
|
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16768
|
2024-11-21 12:16 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254838
|
6.5 |
MEDIUM
Network
|
synology
|
diskstation_manager
|
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML vi…
|
CWE-74
Injection
|
CVE-2017-16766
|
2024-11-21 12:16 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254839
|
9.1 |
CRITICAL
Network
|
moxa
|
nport_w2150a_firmware
nport_w2250a_firmware
|
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user c…
|
CWE-521
Weak Password Requirements
|
CVE-2017-16727
|
2024-11-21 12:16 |
2017-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254840
|
5.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
|
CWE-89
SQL Injection
|
CVE-2017-16735
|
2024-11-21 12:16 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
