Latest CVE Feed

- CVE-2017-12078 (7.2 HIGH)
  Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter.
- Affected Products: router_manager
- EPSS Score: 5.65%
- Published: Jun. 08, 2018
- Modified: Nov. 21, 2024

- CVE-2017-12070 (8.8 HIGH)
  Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
- Affected Products: ua-.net-legacy
- EPSS Score: 0.44%
- Published: Jun. 14, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11740 (8.8 HIGH)
  In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that...
- Affected Products: manageengine_applications_manager
- EPSS Score: 2.10%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11739 (6.1 MEDIUM)
  In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget ...
- Affected Products: manageengine_applications_manager
- EPSS Score: 2.37%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11738 (8.1 HIGH)
  In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack.
- Affected Products: manageengine_applications_manager
- EPSS Score: 1.14%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11672 (7.8 HIGH)
  The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
- Affected Products: local_discovery_server
- EPSS Score: 0.04%
- Published: Jun. 13, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11650 (6.1 MEDIUM)
  Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp.
- EPSS Score: 0.22%
- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11649 (8.8 HIGH)
  Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors in...
- EPSS Score: 0.14%
- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11635 (7.5 HIGH)
  An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.
- Affected Products: wireless_ip_camera_360
- EPSS Score: 0.32%
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11634 (10.0 HIGH)
  An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password o...
- Affected Products: wireless_ip_camera_360
- EPSS Score: 2.59%
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11633 (7.5 HIGH)
  An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.
- Affected Products: wireless_ip_camera_360
- EPSS Score: 0.33%
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11632 (10.0 HIGH)
  An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session.
- Affected Products: wireless_ip_camera_360
- EPSS Score: 2.59%
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11580 (6.5 MEDIUM)
  Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any...
- EPSS Score: 0.50%
- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11579 (7.1 HIGH)
  In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user...
- EPSS Score: 0.76%
- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11578 (5.9 MEDIUM)
  Research on IoT devices found that the most recent firmware for the Blipcare device allows connections to the web management interface over a non-SSL connection using the plain text HTTP protocol. The user uses the web manageme...
- EPSS Score: 1.41%
- Published: Jul. 02, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11564 (9.0 HIGH)
  The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack.
- EPSS Score: 2.97%
- Published: Aug. 24, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11563 (10.0 HIGH)
  D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker...
- EPSS Score: 15.67%
- Published: Aug. 24, 2018
- Modified: Nov. 21, 2024

- CVE-2017-11561 (6.5 MEDIUM)
  An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
- Affected Products: manageengine_opmanager
- EPSS Score: 0.82%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11560 (5.4 MEDIUM)
  An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded ...
- Affected Products: manageengine_opmanager
- EPSS Score: 1.78%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024

- CVE-2017-11559 (7.5 HIGH)
  An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
- Affected Products: manageengine_opmanager
- EPSS Score: 7.93%
- Published: May. 23, 2019
- Modified: Nov. 21, 2024