Vulnerabilities > Orpak

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2017-14854 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Orpak Siteomat 6.4.414.084
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution.
network
low complexity
orpak CWE-119
critical
9.8
2019-06-03 CVE-2017-14853 Code Injection vulnerability in Orpak Siteomat 6.4.414.084
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command.
network
low complexity
orpak CWE-94
critical
9.8
2019-06-03 CVE-2017-14852 Cryptographic Issues vulnerability in Orpak Siteomat
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate.
network
low complexity
orpak CWE-310
critical
9.8
2019-06-03 CVE-2017-14851 SQL Injection vulnerability in Orpak Siteomat
A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25.
network
low complexity
orpak CWE-89
critical
9.8
2019-06-03 CVE-2017-14850 Cross-site Scripting vulnerability in Orpak Siteomat
All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation.
network
low complexity
orpak CWE-79
6.1
2019-06-03 CVE-2017-14728 Use of Hard-coded Credentials vulnerability in Orpak Siteomat
An authentication bypass was found in an unknown area of the SiteOmat source code.
network
low complexity
orpak CWE-798
critical
9.8