6 matches found
CVE-2020-13260
A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...
CVE-2020-13260
The CVE-2020-13260 entry concerns RAD SecFlow-1v web-based management interface (SF_0290_2.3.01.26). A vulnerability allows an authenticated attacker to upload a JavaScript file as a stored XSS payload, which is saved in the system as an OVPN config or a static key file. The payload executes when...
Cross site request forgery (csrf)
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...
CVE-2020-13259
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...
RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...