31 matches found
CVE-2017-18484
Cognitoys Dino devices allow XSS via the SSID...
CVE-2017-18485
Cognitoys Dino devices allow profilesadd.html CSRF...
EUVD-2017-17809
Malware in sbrugna...
EUVD-2017-9601
Malware in sbrugna...
EUVD-2017-9600
Malware in sbrugna...
EUVD-2017-17807
Malware in sbrugna...
Crunchbase Cognitoys Dino Cross-Site Scripting Vulnerability
Crunchbase Cognitoys Dino is a children's cognitive electronic learning toy from Crunchbase USA. A cross-site scripting vulnerability exists in Crunchbase Cognitoys Dino. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit...
Crunchbase Cognitoys Dino Cross-Site Request Forgery Vulnerability
Crunchbase Cognitoys Dino is a children's cognitive electronic learning toy from Crunchbase USA. A cross-site request forgery vulnerability exists in the Crunchbase Cognitoys Dino device. The vulnerability stems from the WEB application not adequately verifying that a request is from a trusted...
CVE-2017-18484
Cognitoys Dino devices allow XSS via the SSID...
CVE-2017-18485
Cognitoys Dino devices allow profilesadd.html CSRF...
Command injection
Cognitoys Dino devices allow XSS via the SSID...
Cross site request forgery (csrf)
Cognitoys Dino devices allow profilesadd.html CSRF...
CVE-2017-18484
Cognitoys Dino devices are affected by CVE-2017-18484, a cross-site scripting (XSS) vulnerability that can be triggered via the SSID. Redhat/CNVD entries attribute the issue to a lack of proper validation of client-side data by the WEB application, enabling an attacker to execute client-side code...
CVE-2017-18484
Cognitoys Dino devices allow XSS via the SSID...
CVE-2017-18485
Cognitoys Dino devices allow profilesadd.html CSRF...
CVE-2017-18485
CVE-2017-18485 affects Cognitoys Dino devices. The connected records describe a cross-site request forgery (CSRF) in the device’s web UI (notably in profiles_add.html). The CNVD entry states the vulnerability stems from the web application not adequately verifying that a request comes from a trus...
Elemental Path's CogniToys Dino Information Disclosure Vulnerability (CNVD-2018-00676)
Elemental Path's CogniToys Dino is a smart toy from Elemental Path's in the United States that is capable of voice communication with children. Elemental Path's CogniToys Dino using firmware version 0.0.794 and earlier suffers from a security vulnerability that stems from the program's use of a...
Elemental Path's CogniToys Dino Information Disclosure Vulnerability (CNVD-2018-00677)
Elemental Path's CogniToys Dino is a smart toy from Elemental Path's, USA that is capable of voice communication with children. An information disclosure vulnerability exists in Elemental Path's CogniToys Dino using firmware version 0.0.794 and earlier, which stems from the program's use of AES-1...
Elemental Path's CogniToys Dino Information Disclosure Vulnerability
Elemental Path's CogniToys Dino is a smart toy from Elemental Path's in the United States that is capable of voice communication with children. An information disclosure vulnerability exists in the Elemental Path CogniToys Dino using firmware version 0.0.794 and earlier. An attacker could use thi...
Path traversal
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on...