Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Meteocontrol Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2296 1 Meteocontrol 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more 2017-09-06 7.5 HIGH 9.4 CRITICAL
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-4504 1 Meteocontrol 1 Weblog 2017-03-24 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
CVE-2016-2297 1 Meteocontrol 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more 2016-11-29 9.7 HIGH 9.4 CRITICAL
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
CVE-2016-2298 1 Meteocontrol 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more 2016-11-29 10.0 HIGH 9.8 CRITICAL
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.