2017-03-10
2017-03-10 10:59Z
CRIT

CVE-2017-2787 — Pharos Popup: A specially crafted packet can be sent to the victim's computer and can lead

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2787

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. CVSSv3.1 9.0 (CRITICAL)

CWECWE 119VNDPharosTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2017-03-10
2017-03-10 10:59Z
CRIT

CVE-2017-2785 — Pharos Popup: An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2785

An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. CVSSv3.1 10.0 (CRITICAL)

CWECWE 119VNDPharosTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2017-03-10
2017-03-10 10:59Z
HIGH

CVE-2016-8714 — R_project R: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8714

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. CVSSv3.1 8.8 (HIGH)

CWECWE 120VNDR ProjectTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-10
2017-03-10 01:59Z
CRIT

CVE-2017-6465 — Ftpshell Ftpshell_client: Remote Code Execution was discovered in FTPShell Client 6.53.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6465

Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDCodeVNDFtpshellTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-09
2017-03-09 19:59Z
HIGH

CVE-2017-6529 — Dnatools Dnalims: is vulnerable to session hijacking by guessing the UID parameter.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6529

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. CVSSv3.1 8.8 (HIGH)

CWECWE 613VNDDnatoolsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-09
2017-03-09 19:59Z
HIGH

CVE-2017-6528 — Dnatools Dnalims: An issue was discovered in dnaTools dnaLIMS 4-2015s13.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6528

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file). CVSSv3.1 8.1 (HIGH)

CWECWE 522VNDDnatoolsTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-09
2017-03-09 19:59Z
CRIT

CVE-2017-6526 — Dnatools Dnalims: is vulnerable to unauthenticated command execution through an improperly protected administrative web shell

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6526

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests). CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDDnatoolsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-03-09
2017-03-09 17:59Z
HIGH

CVE-2017-6432 — Dahuasecurity Nvr_firmware: Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6432

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. CVSSv3.1 8.1 (HIGH)

CWECWE 319VNDDahuasecurityVNDDahuaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-09
2017-03-09 09:59Z
CRIT

CVE-2017-6558 — Iball Ib-wra150n_firmware: Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6558

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. CVSSv3.1 9.8 (CRITICAL)

CWECWE 798VNDIballVNDBatonTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-09
2017-03-09 09:59Z
HIGH

CVE-2017-6549 — Asus Rt-ac53_firmware: Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6549

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmwa CVSSv3.1 8.8 (HIGH)

CWECWE 287VNDAsusTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-09
2017-03-09 09:59Z
CRIT

CVE-2017-6548 — Asus Rt-ac53_firmware: Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-6548

Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware befo CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAsusVNDBufferTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-08
2017-03-08 08:59Z
CRIT

CVE-2017-5178 — Schneider-electric Tableau_desktop: The default system account could be used to gain unauthorized access.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5178

An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult to configure with non-default credentials after installation, and changing the default credentials in the embedded Tableau Server is not documented. If Tableau Server is used with Windows integrated security (Active Director CVSSv3.1 9.8 (CRITICAL)

CWECWE 1188VNDSchneider ElectricVNDSchneiderTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 17:59Z
HIGH

CVE-2016-9727 — Ibm Qradar_incident_forensics: QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9727

IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542. CVSSv3.1 8.5 (HIGH)

CWECWE 20VNDIbmTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2017-03-07
2017-03-07 17:59Z
HIGH

CVE-2016-9726 — Ibm Qradar_incident_forensics: QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9726

IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542. CVSSv3.1 8.8 (HIGH)

CWECWE 20VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-07
2017-03-07 17:59Z
HIGH

CVE-2016-9724 — Ibm Qradar_security_information_and_event_manager: QRadar 7.2 is vulnerable to a denial of service, caused by an XML

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9724

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537. CVSSv3.1 8.1 (HIGH)

CWECWE 611VNDIbmTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-03-07
2017-03-07 17:59Z
HIGH

CVE-2016-8940 — Ibm Tivoli_storage_manager: The access of these product specific database tables may allow access to passwords or

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8940

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946. CVSSv3.1 8.8 (HIGH)

CWECWE 200VNDIbmTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-9087 — Exponentcms Exponent_cms: SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9087

SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-9020 — Exponentcms Exponent_cms: SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9020

SQL injection vulnerability in framework/modules/help/controllers/helpController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-9019 — Exponentcms Exponent_cms: SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9019

SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-8863 — Libupnp_project Libupnp: Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8863

Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDLibupnp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-7789 — Exponentcms Exponent_cms: SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7789

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-7788 — Exponentcms Exponent_cms: SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7788

SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-7784 — Exponentcms Exponent_cms: SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7784

SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-7783 — Exponentcms Exponent_cms: SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7783

SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-03-07
2017-03-07 16:59Z
CRIT

CVE-2016-7782 — Exponentcms Exponent_cms: SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7782

SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 89VNDExponentcmsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score