Search Results (Refine Search)
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-5076 |
CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5075 |
CloudView NMS before 2.10a has XSS via a TELNET login. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-5074 |
CloudView NMS before 2.10a has a format string issue exploitable over SNMP. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-5073 |
CloudView NMS before 2.10a has XSS via SNMP. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-5072 |
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-5071 |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 10.0 HIGH |
CVE-2016-5070 |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2016-5069 |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-5068 |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-5067 |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2016-5066 |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-5065 |
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-5059 |
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-5058 |
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5057 |
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5056 |
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5055 |
OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-5054 |
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5053 |
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-5052 |
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. Published: April 09, 2017; 11:59:01 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |