Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-11165

EPSS 89.82% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-11165

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Thermo Fisher Scientific Thermo Fisher Scientific dataTaker DT80 dEX 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Thermo Fisher Scientific dataTaker DT80 dEX是澳大利亚Thermo Fisher Scientific公司的一款数据采集记录器。 Thermo Fisher Scientific dataTaker DT80 dEX 1.50.012版本中存在安全漏洞。远程攻击者可利用该漏洞获取敏感证书和配置信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-11165

#POC DescriptionSource LinkShenlong Link
1Datataker DT82E Simple Xploit https://github.com/xymbiot-solution/CVE-2017-11165POC Details
2DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-11165.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-11165

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-07-12 · 22 CVEs total

CVE-2017-9977AVG AntiVirus for MacOS scan engine 安全漏洞
CVE-2017-11182Rise Ultimate Project Manager My Profile section 跨站脚本漏洞
CVE-2017-11181Rise Ultimate Project Manager Messaging section 跨站脚本漏洞
CVE-2017-11180FineCMS 跨站脚本漏洞
CVE-2017-11179FineCMS 跨站脚本漏洞
CVE-2017-11178FineCMS 安全漏洞
CVE-2017-7678Apache Spark 安全漏洞
CVE-2017-11167FineCMS 安全漏洞
CVE-2016-8638SAML 授权问题漏洞
CVE-2017-11187phpMyFAQ 安全漏洞
CVE-2017-11188ImageMagick 安全漏洞
CVE-2017-11174XOOPS Core SQL注入漏洞
CVE-2017-9845SAP NetWeaver disp+work 安全漏洞
CVE-2017-9844SAP NetWeaver 安全漏洞
CVE-2017-9843SAP NetWeaver AS ABAP 安全漏洞
CVE-2017-11190unrar-free 安全漏洞
CVE-2017-11189unrar-free 代码问题漏洞
CVE-2017-11196Pulse Connect Secure 跨站请求伪造漏洞
CVE-2017-11195Pulse Connect Secure 安全漏洞
CVE-2017-11194Pulse Connect Secure 跨站脚本漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-11165

No comments yet

Leave a comment