Lucene search
K

86 matches found

Prion
Prion
added 2020/02/24 7:15 p.m.20 views

Cross site scripting

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanc...

4.3CVSS6AI score0.00974EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/02/24 7:15 p.m.15 views

Cross site scripting

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...

4.3CVSS6AI score0.0084EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/24 6:16 p.m.24 views

CVE-2019-12513 Stored XSS via DHCP Discover Request Hostname

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...

6AI score0.0084EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/14 9:0 p.m.24 views

CVE-2018-18291

A cross site scripting XSS vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...

6.1AI score0.0083EPSS
Exploits1References1
NVD
NVD
added 2018/09/26 9:29 p.m.21 views

CVE-2017-15608

Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings...

6.5CVSS6.5AI score0.00411EPSS
Exploits0References2
Prion
Prion
added 2018/09/26 9:29 p.m.14 views

Cross site request forgery (csrf)

Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings...

4.3CVSS6.5AI score0.00411EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/09/26 9:29 p.m.4 views

CVE-2017-15608

Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings...

6.5CVSS5.8AI score0.00411EPSS
Exploits0References2
CVE
CVE
added 2018/09/26 9:0 p.m.46 views

CVE-2017-15608

Inedo ProGet is affected by a CSRF vulnerability in versions before 5.0 Beta5, enabling an attacker to change advanced settings. The issue is documented across multiple sources (NVD/NVD3/OpenVAS) with CVSS metrics: CVSSv3 base score 6.5 (I:H) and CVSSv2 base score 4.3 (I:P). Root cause is a cross...

6.5CVSS6.4AI score0.00411EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/05/18 10:29 p.m.5 views

CVE-2018-1147

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...

5.4CVSS6AI score0.01148EPSS
Exploits0References2
Prion
Prion
added 2018/05/18 10:29 p.m.18 views

Input validation

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...

3.5CVSS5.3AI score0.01148EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/05/18 10:0 p.m.39 views

CVE-2018-1147

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...

5.7AI score0.01148EPSS
Exploits0References2
exploitpack
exploitpack
added 2017/09/04 12:0 a.m.111 views

CodeMeter 6.50 - Cross-Site Scripting

CodeMeter 6.50 - Cross-Site Scripting Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements:...

3.5CVSS5.7AI score0.03877EPSS
Exploits7
OpenVAS
OpenVAS
added 2017/07/03 12:0 a.m.27 views

Elasticsearch Kibana Improper Authentication Vulnerability

Elasticsearch Kibana is prone to an improper authentication vulnerability. This VT has been split into two VTs with the OIDs 1.3.6.1.4.1.25623.1.0.108259 and 1.3.6.1.4.1.25623.1.0.108260 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources,...

6.5CVSS6.7AI score0.00986EPSS
Exploits0References1
OSV
OSV
added 2017/06/20 12:29 a.m.5 views

CVE-2017-3743

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility ASU, UpdateXpress System Pack Installer UXSPI or Dynamic System Analysis DSA to a second machine, the other users may be able to see the user ID...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References1
Veracode
Veracode
added 2017/06/19 2:59 a.m.18 views

Privilege Bypass

Kibana is vulnerable to privilege bypass attacks. When X-Pack is installed, requests to the short URL and advanced settings services. This flaw allows authenticated users to make requests to those services regardless of their own permissions...

6.5CVSS6.3AI score0.00986EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/06/16 9:29 p.m.23 views

CVE-2016-10364

With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions...

6.5CVSS6.6AI score
Exploits0References1
Fortinet
Fortinet
added 2016/10/05 12:0 a.m.30 views

FortiAnalyzer and FortiManager stored XSS vulnerability in report filters

A cross-site-scripting vulnerablity in FortiAnalyzer/FortiManager in advanced settings page could allow an administrator to inject scripts in the add filter field...

3.5CVSS3.4AI score0.00696EPSS
Exploits0
Citrix
Citrix
added 2016/02/19 12:0 a.m.7 views

"This page can't be displayed. Turn on TLS 1.0 TLS 1.1, and TLS 1.2. in Advanced Settings And Try Connecting Again" While Accessing StoreFront

Error: "This page can't be displayed. Turn on TLS 1.0 TLS 1.1, and TLS 1.2. in Advanced Settings And Try Connecting Again" While Accessing StoreFront...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2015/01/12 11:28 p.m.27 views

Instant PDF Password Protector - Password Protect PDF file

Instant PDF Password Protector is the Free tool to quickly Password Protect PDF file on your system. With a click of button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard Encryption methods - RC4/AES 40-bit, 128-bit, 256-bit based upon t...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2014/05/01 7:58 p.m.270 views

Coinbase: Bypassing 2FA for BTC transfers

Under advanced settings, users have the ability to protect their wallet by requiring two-factor confirmation when sending bitcoins. Personally, I have configured my account with the most secure option, which requires two factor confirmation when sending any amount of bitcoins. However, a flaw...

7.2AI score
Exploits0
Rows per page
Query Builder