Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-16725 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xiongmaitech products A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. | 9.8 |
| 2017-12-20 | CVE-2017-17794 | Unspecified vulnerability in Blogotext Project Blogotext validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. | 9.8 |
| 2017-12-20 | CVE-2017-17790 | Injection vulnerability in Ruby-Lang Ruby The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. | 9.8 |
| 2017-12-20 | CVE-2017-17779 | SQL Injection vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | 9.8 |
| 2017-12-20 | CVE-2017-17777 | Improper Authentication vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | 9.8 |
| 2017-12-19 | CVE-2017-17761 | Unspecified vulnerability in Ichano Athome IP Camera Firmware An issue was discovered on Ichano AtHome IP Camera devices. | 9.8 |
| 2017-12-19 | CVE-2017-17759 | Unspecified vulnerability in Conarc Ichannel Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service). | 9.8 |
| 2017-12-19 | CVE-2017-17107 | Use of Hard-coded Credentials vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103 Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. | 9.8 |
| 2017-12-19 | CVE-2017-17106 | Insufficiently Protected Credentials vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103 Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. | 9.8 |
| 2017-12-19 | CVE-2017-17105 | OS Command Injection vulnerability in Zivif Pr115-204-P-Rs Firmware 2.3.4.2103/4.7.4.2121 Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. | 9.8 |