Security Vulnerabilities - CVEs Published In May 2016
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.73
Published
2016-05-14
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
CVSS Score
9.4
EPSS Score
0.006
Published
2016-05-14
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVSS Score
9.4
EPSS Score
0.746
Published
2016-05-14
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-05-14
The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.
CVSS Score
4.3
EPSS Score
0.001
Published
2016-05-14
Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory.
CVSS Score
5.5
EPSS Score
0.001
Published
2016-05-14
HPE System Management Homepage before 7.5.5 allows local users to obtain sensitive information or modify data via unspecified vectors.
CVSS Score
7.1
EPSS Score
0.007
Published
2016-05-14
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVSS Score
9.8
EPSS Score
0.773
Published
2016-05-14
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2016-05-14
Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users to execute arbitrary code via a long argument.
CVSS Score
6.5
EPSS Score
0.013
Published
2016-05-14