|
268651
|
6.1 |
MEDIUM
Network
|
emon-cms
|
deraemon-cms
|
Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7813
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268652
|
8.8 |
HIGH
Adjacent
|
corega
|
cg-wlr300nx_firmware
|
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-7811
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268653
|
4.8 |
MEDIUM
Network
|
corega
|
cg-wlr300nx_firmware
|
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7810
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268654
|
8.8 |
HIGH
Network
|
corega
|
cg-wlr300nx_firmware
|
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended opera…
|
CWE-352
Origin Validation Error
|
CVE-2016-7809
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268655
|
6.1 |
MEDIUM
Network
|
corega
|
cg-wlbaragm_firmware
cg-wlbargnl_firmware
|
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7808
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268656
|
7.5 |
HIGH
Network
|
iodata
|
wfs-sr01_firmware
|
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-7807
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268657
|
9.8 |
CRITICAL
Network
|
iodata
|
wfs-sr01_firmware
|
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2016-7806
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268658
|
5.9 |
MEDIUM
Network
|
unisys
|
mobigate
|
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-7805
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268659
|
8.8 |
HIGH
Network
|
cybozu
|
garoon
|
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
|
CWE-89
SQL Injection
|
CVE-2016-7803
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268660
|
6.5 |
MEDIUM
Network
|
cybozu
|
garoon
|
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2016-7802
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
