Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27300 of 28220

CVE-2017-6532

Posted by Cyberthreat Blog | Jul 20, 2017 | CVE Notifications |

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.

CVE-2017-6531

Posted by Cyberthreat Blog | Jul 20, 2017 | CVE Notifications |

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.

CVE-2017-6530

Posted by Cyberthreat Blog | Jul 20, 2017 | CVE Notifications |

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change.

CVE-2017-11466

Posted by Cyberthreat Blog | Jul 19, 2017 | CVE Notifications |

Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal...

CVE-2017-11467

Posted by Cyberthreat Blog | Jul 19, 2017 | CVE Notifications |

OrientDB through 2.22 does not enforce privilege requirements during “where” or “fetchplan” or “order by” use, which allows remote attackers to execute arbitrary OS commands via a crafted...

Author: Cyberthreat Blog

CVE-2017-6532

CVE-2017-6531

CVE-2017-6530

CVE-2017-11466

CVE-2017-11467