|
259431
|
9.8 |
CRITICAL
Network
|
moxa
|
eds-g512e_firmware
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are sto…
|
CWE-200
Information Exposure
|
CVE-2017-13701
|
2024-11-21 12:11 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259432
|
7.5 |
HIGH
Network
|
moxa
|
eds-g512e_firmware
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent …
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-13699
|
2024-11-21 12:11 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259433
|
7.5 |
HIGH
Network
|
moxa
|
eds-g512e_firmware
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them agains…
|
NVD-CWE-noinfo
|
CVE-2017-13698
|
2024-11-21 12:11 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259434
|
7.5 |
HIGH
Network
|
moxa
|
eds-g512e_firmware
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
|
CWE-20
Improper Input Validation
|
CVE-2017-13703
|
2024-11-21 12:11 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259435
|
5.3 |
MEDIUM
Network
|
moxa
|
eds-g512e_firmware
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
|
CWE-200
Information Exposure
|
CVE-2017-13702
|
2024-11-21 12:11 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259436
|
4.8 |
MEDIUM
Network
|
moxa
|
eds-g512e_firmware
|
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
|
CWE-79
Cross-site Scripting
|
CVE-2017-13700
|
2024-11-21 12:11 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259437
|
8.8 |
HIGH
Network
|
libbpg_project
|
libbpg
|
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-13136
|
2024-11-21 12:11 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259438
|
7.8 |
HIGH
Local
|
libbpg_project
|
libbpg
|
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-13135
|
2024-11-21 12:11 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259439
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
wonderware_intouch
wonderware_indusoft_web_studio
|
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14024
|
2024-11-21 12:11 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259440
|
7.8 |
HIGH
Local
|
automationdirect
|
click_plc_firmware
c-more_plc_firmware
c-more_micro_firmware
gs_drives_fimware
sl-soft_solo_temperature_controller_firmware
|
In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number E…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-14020
|
2024-11-21 12:11 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
