CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7915
https://notcve.org/view.php?id=CVE-2015-7915
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. Sauter EY-WS505F0x0 moduWeb Vision en versiones anteriores a 1.6.0 envía las credenciales en texto plano, lo que permite a atacantes remotos obtener información sensible rastreando la red. • http://seclists.org/fulldisclosure/2016/Feb/25 https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7914
https://notcve.org/view.php?id=CVE-2015-7914
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. Sauter EY-WS505F0x0 moduWeb Vision en versiones anteriores a 1.6.0 permite a atacantes remotos eludir la autenticación aprovechando el conocimiento de un hash de contraseña sin el conocimientio de la contraseña asociada. • http://seclists.org/fulldisclosure/2016/Feb/25 https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01 • CWE-254: 7PK - Security Features CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7916
https://notcve.org/view.php?id=CVE-2015-7916
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. Vulnerabilidad de XSS en Sauter EY-WS505F0x0 moduWeb Vision en versiones anteriores a 1.6.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una consulta manipulada. • http://seclists.org/fulldisclosure/2016/Feb/25 https://ics-cert.us-cert.gov/advisories/ICSA-16-033-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •