|
266821
|
6.5 |
MEDIUM
Network
|
symantec
|
it_management_suite
|
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.
|
CWE-20
Improper Input Validation
|
CVE-2016-6589
|
2024-11-21 11:56 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266822
|
8.8 |
HIGH
Network
|
filecloud
|
filecloud
|
CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, p…
|
CWE-352
Origin Validation Error
|
CVE-2016-6578
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266823
|
9.8 |
CRITICAL
Network
|
sungardas
|
etrakit3
|
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unaut…
|
CWE-89
SQL Injection
|
CVE-2016-6566
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266824
|
7.5 |
HIGH
Network
|
imagely
|
nextgen_gallery
|
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user t…
|
CWE-20
Improper Input Validation
|
CVE-2016-6565
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266825
|
7.5 |
HIGH
Adjacent
|
mitel
|
shortel_mobility_client
|
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position …
|
CWE-295
Improper Certificate Validation
|
CVE-2016-6562
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266826
|
9.8 |
CRITICAL
Network
|
synology
|
ds107_firmware
ds213_firmware
ds116_firmware
|
Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A re…
|
CWE-255
Credentials Management
|
CVE-2016-6554
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266827
|
9.8 |
CRITICAL
Network
|
nuuo
|
nt-4040_titan_firmware
|
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulne…
|
CWE-255
Credentials Management
|
CVE-2016-6553
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266828
|
9.8 |
CRITICAL
Network
|
greenpacket
|
dx-350_firmware
|
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.
|
CWE-255
Credentials Management
|
CVE-2016-6552
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266829
|
9.8 |
CRITICAL
Network
|
intelliantech
|
v60_firmware
v60ka_firmware
v65_firmware
v80g_firmware
t80w_firmware
t80q_firmware
t100w_firmware
t100q_firmware
t110w_firmware
t110q_firmware
t130w_firmware
t130q_fi…
|
Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access…
|
CWE-255
Credentials Management
|
CVE-2016-6551
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266830
|
4.3 |
MEDIUM
Adjacent
|
nutspace
|
nut_mobile
|
The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute.
|
CWE-287
Improper Authentication
|
CVE-2016-6549
|
2024-11-21 11:56 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
