Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2018-6460
HistoryJan 31, 2018 - 5:00 p.m.

CVE-2018-6460

2018-01-3117:00:00
mitre
www.cve.org

0.026 Low

EPSS

Percentile

90.4%

JSON

Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.

Related

exploitpack 1
cve 1
prion 1
nvd 1
threatpost 1
thn 1
exploitdb 1
exploitpack
exploitpack
Hotspot Shield - Information Disclosure
2018-01-30 00:00:00
cve
cve
CVE-2018-6460
2018-01-31 17:29:00
prion
prion
Code injection
2018-01-31 17:29:00
nvd
nvd
CVE-2018-6460
2018-01-31 17:29:00
threatpost
threatpost
Hotspot Shield Vulnerability Could Reveal β€˜Juicy’ Info About Users, Researcher Claims
2018-02-07 13:00:54
thn
thn
Researcher Claims Hotspot Shield VPN Service Exposes You on the Internet
2018-02-07 13:13:00
exploitdb
exploitdb
Hotspot Shield - Information Disclosure
2018-01-30 00:00:00

0.026 Low

EPSS

Percentile

90.4%

JSON
Related for CVELIST:CVE-2018-6460
exploitpack1cve1prion1nvd1threatpost1thn1exploitdb1