12 matches found
CVE-2019-18265
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in...
CVE-2019-18265
creationtimestamp | type | source
---|---|---
2022-12-01 02:30:04+00:00 | seen | https://t.me/cibsecurity/53739...
CVE-2019-18265
Digital Alert Systems’ DASDEC software prior to version 4.1 is affected by CVE-2019-18265, an XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the login page’s SSH username field or the HTTP Host header. The injected content is stored in logs and rendered ...
Digital Alert Systems DASDEC
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Digital Alert Systems Equipment: DASDEC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities might result in false alerts...
CVE-2020-18265
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=actaddmember"...
CVE-2020-18265
Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component "Simple-Log/admin/admin.php?act=actaddmember"...
CVE-2020-18265
The CVE-2020-18265 entry concerns Simple-Log v1.6, where a Cross-Site Request Forgery (CSRF) vulnerability exists in the admin workflow. The reported issue states that CSRF can allow remote attackers to gain privileges and execute arbitrary code via the component Simple-Log/admin/admin.php?act=ac...
Debian DSA-4198-1 : prosody - security update
Albert Dengg discovered that incorrect parsing of messages in the Prosody Jabber/XMPP server may result in denial of service. The oldstable distribution (jessie) is not affected. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
[SECURITY] [DSA 4198-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4198-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2018 https://www.debian.org/security/faq -...
CVE-2017-18265
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in,...
UBUNTU-CVE-2017-18265
Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in,...
CVE-2017-18265
Prosody before 0.10.0 is affected by a DoS vulnerability caused by an incompatibility with certain LuaSocket versions (e.g., Debian stretch lua-socket). An attacker can trigger a stream error, with the crash observed in the c2s module. Debian's security advisory fixes the issue in stretch by upgr...