CVE-2017-9298 CVSS:0.0
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9294 CVSS:0.0
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. (Last Update:2017-05-29) (Publish Update:2017-05-29)
CVE-2017-9135 CVSS:9.0
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user. (Last Update:2017-05-26) (Publish Update:2017-05-21)
CVE-2017-9133 CVSS:9.0
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user. (Last Update:2017-05-26) (Publish Update:2017-05-21)
CVE-2017-9131 CVSS:5.0
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client. (Last Update:2017-05-26) (Publish Update:2017-05-21)
CVE-2017-9115 CVSS:0.0
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. (Last Update:2017-05-21) (Publish Update:2017-05-21)
CVE-2017-9113 CVSS:0.0
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. (Last Update:2017-05-21) (Publish Update:2017-05-21)
CVE-2017-9111 CVSS:0.0
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. (Last Update:2017-05-21) (Publish Update:2017-05-21)
CVE-2017-9101 CVSS:0.0
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. (Last Update:2017-05-21) (Publish Update:2017-05-21)
CVE-2017-9080 CVSS:0.0
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. (Last Update:2017-05-19) (Publish Update:2017-05-19)
This vulnerability list widget is provided by www.cvedetails.com