|
266761
|
9.8 |
CRITICAL
Network
|
systech
|
syslink_sl-1000_modular_gateway_firmware
|
The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access vi…
|
CWE-255
Credentials Management
|
CVE-2016-2331
|
2024-11-21 11:48 |
2016-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266762
|
8.2 |
HIGH
Local
|
symantec
|
messaging_gateway
|
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.
|
CWE-74
Injection
|
CVE-2016-2204
|
2024-11-21 11:48 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266763
|
7.8 |
HIGH
Local
|
symantec
|
messaging_gateway
|
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges.
|
CWE-255
Credentials Management
|
CVE-2016-2203
|
2024-11-21 11:48 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266764
|
8.8 |
HIGH
Adjacent
|
lemurmonitors
|
bluedriver
|
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leverag…
|
CWE-284
Improper Access Control
|
CVE-2016-2354
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266765
|
7.5 |
HIGH
Network
|
ecava
|
integraxor
|
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
|
CWE-310
Cryptographic Issues
|
CVE-2016-2306
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266766
|
6.1 |
MEDIUM
Network
|
ecava
|
integraxor
|
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2016-2305
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266767
|
4.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive inf…
|
CWE-200
Information Exposure
|
CVE-2016-2304
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266768
|
5.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
|
NVD-CWE-Other
|
CVE-2016-2303
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266769
|
5.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages.
|
CWE-200
Information Exposure
|
CVE-2016-2302
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266770
|
6.3 |
MEDIUM
Network
|
ecava
|
integraxor
|
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2016-2301
|
2024-11-21 11:48 |
2016-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
