31 matches found
CVE-2018-18878
In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...
CVE-2018-18876
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a readoutsrd.php directory traversal issue makes it possible to read any file present on the underlying operating system...
CVE-2018-18879
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
EUVD-2018-10588
Malware in sbrugna...
EUVD-2018-10591
Malware in sbrugna...
EUVD-2018-10587
Malware in sbrugna...
CVE-2018-18880
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script...
CVE-2018-18875
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php...
CVE-2018-18877
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page configmain.php that allows manipulation of the device...
CVE-2018-18877
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page configmain.php that allows manipulation of the device...
CVE-2018-18875
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php...
CVE-2018-18878
In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...
CVE-2018-18876
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a readoutsrd.php directory traversal issue makes it possible to read any file present on the underlying operating system...
CVE-2018-18875
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php...
Directory traversal
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a readoutsrd.php directory traversal issue makes it possible to read any file present on the underlying operating system...
Input validation
In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...
CVE-2018-18875
CVE-2018-18875 affects Columbia Weather Systems Weather MicroServer firmware MS_2.6.9900 (and prior). It is a stored XSS vulnerability in changestationname.php that could let remote authenticated users inject arbitrary web script. The ICS-CERT advisory notes a fixed firmware MS_2.7.9973 and recom...
CVE-2018-18875
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting XSS vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php...
CVE-2018-18876
CVE-2018-18876 affects Columbia Weather Systems Weather MicroServer firmware MS_2.6.9900 (and earlier). A path traversal vulnerability in readouts_rd.php could allow an attacker over the network to read files from the underlying OS, with confidentiality impact (C:L) and no integrity/availability ...
CVE-2018-18876
In firmware version MS2.6.9900 of Columbia Weather MicroServer, a readoutsrd.php directory traversal issue makes it possible to read any file present on the underlying operating system...