25 matches found
EUVD-2017-5509
Malware in sbrugna...
EUVD-2017-5513
Malware in sbrugna...
EUVD-2017-5511
Malware in sbrugna...
EUVD-2017-5507
Malware in sbrugna...
CVE-2017-13998
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access...
Path traversal
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code...
Cross site scripting
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link...
CVE-2017-13992
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution...
CVE-2017-13996
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code...
CVE-2017-13998
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access...
Authentication flaw
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution...
CVE-2017-13996
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code...
CVE-2017-13994
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link...
Design/Logic Flaw
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access...
CVE-2017-13996
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code...
CVE-2017-13998
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access...
CVE-2017-13992
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution...
CVE-2017-13996
CVE-2017-13996 affects LOYTEC LVIS-3ME web UI prior to firmware 6.2.0. The vulnerability is a Relative Path Traversal in the LVIS-3ME interface, which can allow access to sensitive files and potentially enable an attacker to create/modify files or execute arbitrary code. Affected product: LVIS-3M...
CVE-2017-13994
LOYTEC LVIS-3ME web interface (versions
CVE-2017-13992
The CVE-2017-13992 entry documents an Insufficient Entropy issue in LOYTEC LVIS-3ME, affected in versions prior to 6.2.0. The web interface authentication relies on weak RNG, which could enable remote code execution. Several sources (NVD, CVE listing, CNVD, PRION, etc.) confirm the issue and link...