|
259551
|
5.9 |
MEDIUM
Network
|
dlink
|
dir-850l_firmware
|
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Servic…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-14419
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259552
|
8.1 |
HIGH
Network
|
dlink
|
dir-850l_firmware
|
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-14418
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259553
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-850l_firmware
|
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-14417
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259554
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14416
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259555
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14415
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259556
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14414
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259557
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-850l_firmware
|
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14413
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259558
|
6.3 |
MEDIUM
Local
|
unicon-software
|
rp
|
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to…
|
CWE-269
Improper Privilege Management
|
CVE-2017-14124
|
2024-11-21 12:12 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259559
|
7.8 |
HIGH
Local
|
razer
|
synapse
|
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalM…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14398
|
2024-11-21 12:12 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259560
|
7.8 |
HIGH
Local
|
mp3gain
|
mp3gain
|
An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-14412
|
2024-11-21 12:12 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
