86 matches found
Cross site scripting
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanc...
Cross site scripting
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...
CVE-2019-12513 Stored XSS via DHCP Discover Request Hostname
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...
CVE-2018-18291
A cross site scripting XSS vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...
CVE-2017-15608
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings...
Cross site request forgery (csrf)
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings...
CVE-2017-15608
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings...
CVE-2017-15608
Inedo ProGet is affected by a CSRF vulnerability in versions before 5.0 Beta5, enabling an attacker to change advanced settings. The issue is documented across multiple sources (NVD/NVD3/OpenVAS) with CVSS metrics: CVSSv3 base score 6.5 (I:H) and CVSSv2 base score 4.3 (I:P). Root cause is a cross...
CVE-2018-1147
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...
Input validation
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...
CVE-2018-1147
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...
CodeMeter 6.50 - Cross-Site Scripting
CodeMeter 6.50 - Cross-Site Scripting Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements:...
Elasticsearch Kibana Improper Authentication Vulnerability
Elasticsearch Kibana is prone to an improper authentication vulnerability. This VT has been split into two VTs with the OIDs 1.3.6.1.4.1.25623.1.0.108259 and 1.3.6.1.4.1.25623.1.0.108260 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources,...
CVE-2017-3743
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility ASU, UpdateXpress System Pack Installer UXSPI or Dynamic System Analysis DSA to a second machine, the other users may be able to see the user ID...
Privilege Bypass
Kibana is vulnerable to privilege bypass attacks. When X-Pack is installed, requests to the short URL and advanced settings services. This flaw allows authenticated users to make requests to those services regardless of their own permissions...
CVE-2016-10364
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions...
FortiAnalyzer and FortiManager stored XSS vulnerability in report filters
A cross-site-scripting vulnerablity in FortiAnalyzer/FortiManager in advanced settings page could allow an administrator to inject scripts in the add filter field...
"This page can't be displayed. Turn on TLS 1.0 TLS 1.1, and TLS 1.2. in Advanced Settings And Try Connecting Again" While Accessing StoreFront
Error: "This page can't be displayed. Turn on TLS 1.0 TLS 1.1, and TLS 1.2. in Advanced Settings And Try Connecting Again" While Accessing StoreFront...
Instant PDF Password Protector - Password Protect PDF file
Instant PDF Password Protector is the Free tool to quickly Password Protect PDF file on your system. With a click of button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard Encryption methods - RC4/AES 40-bit, 128-bit, 256-bit based upon t...
Coinbase: Bypassing 2FA for BTC transfers
Under advanced settings, users have the ability to protect their wallet by requiring two-factor confirmation when sending bitcoins. Personally, I have configured my account with the most secure option, which requires two factor confirmation when sending any amount of bitcoins. However, a flaw...