|
256081
|
7.2 |
HIGH
Network
|
crestron
|
airmedia_am-100_firmware
airmedia_am-101_firmware
|
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-16709
|
2024-11-21 12:16 |
2018-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256082
|
8.8 |
HIGH
Network
|
synology
|
universal_search
|
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
|
CWE-863
Incorrect Authorization
|
CVE-2017-16773
|
2024-11-21 12:16 |
2018-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256083
|
9.1 |
CRITICAL
Network
|
beckhoff
|
twincat
|
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not …
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-16726
|
2024-11-21 12:16 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256084
|
5.9 |
MEDIUM
Network
|
beckhoff
|
twincat
|
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via A…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-16718
|
2024-11-21 12:16 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256085
|
6.1 |
MEDIUM
Network
|
sensiolabs
debian
|
symfony
debian_linux
|
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler t…
|
CWE-601
Open Redirect
|
CVE-2017-16652
|
2024-11-21 12:16 |
2018-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256086
|
9.8 |
CRITICAL
Network
|
static-eval_project
|
static-eval
|
The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing ar…
|
CWE-20
Improper Input Validation
|
CVE-2017-16226
|
2024-11-21 12:16 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256087
|
7.5 |
HIGH
Network
|
aegir_project
|
aegir
|
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token.
|
CWE-200
Information Exposure
|
CVE-2017-16225
|
2024-11-21 12:16 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256088
|
7.5 |
HIGH
Network
|
nodeaaaaa_project
|
nodeaaaaa
|
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16223
|
2024-11-21 12:16 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256089
|
5.3 |
MEDIUM
Network
|
elding_project
|
elding
|
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limit…
|
CWE-22
Path Traversal
|
CVE-2017-16222
|
2024-11-21 12:16 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256090
|
7.5 |
HIGH
Network
|
yzt_project
|
yzt
|
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16221
|
2024-11-21 12:16 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
