Latest CVE Feed
- CVE-2017-12585 (8.8 HIGH)
  SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users....
  - Affected Products: akasia
  - Published: Aug. 06, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12584 (8.8 HIGH)
  There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled pa...
  - Affected Products: senayan_library_management_system
  - Published: Aug. 06, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12583 (6.1 MEDIUM)
  DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php....
  - Affected Products: dokuwiki
  - Published: Aug. 06, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12581 (9.3 HIGH)
  GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precon...
  - Published: Aug. 06, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12568 (7.8 HIGH)
  Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets....
  - Published: Aug. 06, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12572 (4.8 MEDIUM)
  Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104....
  - Affected Products: splunk
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12566 (6.5 MEDIUM)
  In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c....
  - Affected Products: imagemagick
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12565 (6.5 MEDIUM)
  In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service....
  - Affected Products: imagemagick
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12564 (6.5 MEDIUM)
  In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service....
  - Affected Products: imagemagick
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-12563 (7.1 HIGH)
  In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service....
  - Affected Products: imagemagick
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9864 (7.5 HIGH)
  An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9863 (8.8 HIGH)
  An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to c...
  - Affected Products: sunny_explorer, sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, +69 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9862 (7.5 HIGH)
  An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt ...
  - Affected Products: sunny_explorer
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9861 (9.8 CRITICAL)
  An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to succ...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9860 (10.0 HIGH)
  An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version th...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9859 (9.8 CRITICAL)
  An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack t...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9858 (7.5 HIGH)
  An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now kno...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9857 (8.1 HIGH)
  An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentic...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9856 (9.8 CRITICAL)
  An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext p...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025
- CVE-2017-9855 (9.8 CRITICAL)
  An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any suc...
  - Affected Products: sunny_boy_3600_firmware, sunny_boy_5000_firmware, sunny_tripower_core1_firmware, sunny_tripower_15000tl_firmware, sunny_tripower_20000tl_firmware, sunny_tripower_25000tl_firmware, sunny_tripower_5000tl_firmware, sunny_tripower_12000tl_firmware, sunny_tripower_60_firmware, sunny_boy_3000tl_firmware, +68 more products
  - Published: Aug. 05, 2017
  - Modified: Apr. 20, 2025