MidnightBSD

Advisories for meteocontrol

CVE-2016-2296 HIGH

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
meteocontrol web'log_pro_unlimited -
meteocontrol web'log_basic_100 -
meteocontrol web'log_pro -
meteocontrol web'log_light -
CVE-2016-2297 HIGH

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
meteocontrol web'log_pro_unlimited -
meteocontrol web'log_basic_100 -
meteocontrol web'log_pro -
meteocontrol web'log_light -
CVE-2016-2298 HIGH

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
meteocontrol web'log_pro_unlimited -
meteocontrol web'log_basic_100 -
meteocontrol web'log_pro -
meteocontrol web'log_light -
CVE-2016-4504 MEDIUM

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
meteocontrol weblog -