|
251061
|
7.5 |
HIGH
Network
|
carlosgavazzi
|
vmu-c_em_firmware
vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
|
CWE-200
Information Exposure
|
CVE-2017-5146
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251062
|
10.0 |
CRITICAL
Network
|
carlosgavazzi
|
vmu-c_em_firmware
vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vuln…
|
CWE-352
Origin Validation Error
|
CVE-2017-5145
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251063
|
9.8 |
CRITICAL
Network
|
carlosgavazzi
|
vmu-c_em_firmware
vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions wi…
|
NVD-CWE-noinfo
|
CVE-2017-5144
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251064
|
8.6 |
HIGH
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal…
|
CWE-22
Path Traversal
|
CVE-2017-5143
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251065
|
9.1 |
CRITICAL
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the pa…
|
CWE-269
Improper Privilege Management
|
CVE-2017-5142
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251066
|
6.0 |
MEDIUM
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invali…
|
CWE-384
Session Fixation
|
CVE-2017-5141
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251067
|
9.8 |
CRITICAL
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-5140
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251068
|
9.8 |
CRITICAL
Network
|
honeywell
|
xl_web_ii_controller
|
An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a speci…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-5139
|
2024-11-21 12:27 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251069
|
5.9 |
MEDIUM
Network
|
xabber
|
xabber
|
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…
|
CWE-20
CWE-346
Improper Input Validation
Origin Validation Error
|
CVE-2017-5606
|
2024-11-21 12:27 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251070
|
5.9 |
MEDIUM
Network
|
movim
|
movim
|
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This…
|
CWE-20
CWE-346
Improper Input Validation
Origin Validation Error
|
CVE-2017-5605
|
2024-11-21 12:27 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
