Latest CVE Feed
-
8.8
HIGHCVE-2017-12789
Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.... Read more
Affected Products : metinfo- Published: May. 10, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2017-12788
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.... Read more
Affected Products : metinfo- Published: May. 09, 2019
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2017-12778
The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\q... Read more
Affected Products : qbittorrent- Published: May. 09, 2019
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-12761
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecan... Read more
Affected Products : webfile_explorer- Published: May. 09, 2019
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-12760
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).... Read more
Affected Products : mobiketa- Published: May. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-12759
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).... Read more
Affected Products : soa_school_management- Published: May. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-12758
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.... Read more
Affected Products : component_appointment- Published: May. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-12757
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and T... Read more
- Published: May. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-12729
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access Sof... Read more
Affected Products : softcms_lab_view- Published: Jan. 18, 2018
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2017-12726
A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external comm... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2017-12725
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless ... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2017-12724
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is ... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-12723
A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to a... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2017-12722
An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths ... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2017-12721
An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) att... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2017-12720
An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2017-12718
A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer ove... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2017-12716
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional ... Read more
- Published: Apr. 25, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2017-12714
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker batt... Read more
Affected Products : accent_firmware anthem_firmware accent_mri_firmware accent_st_firmware assurity_firmware allure_firmware assurity_mri_firmware accent anthem accent_mri +4 more products- Published: Apr. 25, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2017-12712
The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the... Read more
Affected Products : accent_firmware anthem_firmware accent_mri_firmware accent_st_firmware assurity_firmware allure_firmware assurity_mri_firmware accent anthem accent_mri +4 more products- Published: Apr. 25, 2018
- Modified: Nov. 21, 2024