132 matches found
CVE-2020-12131
The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...
Advantech WebAccess/NMS getSyslogUiList SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processi...
Advantech WebAccess/NMS MibBrowser SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the handleTargetsByDeviceName method of the...
Cross site scripting
Kofax Front Office Server version 4.1.1.11.0.5212 both Thin Client and Administration Console suffers from multiple authenticated stored XSS vulnerabilities via the 1 "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - Thin Client or 2 "DeviceName" field in...
CVE-2018-17288
Kofax Front Office Server version 4.1.1.11.0.5212 both Thin Client and Administration Console suffers from multiple authenticated stored XSS vulnerabilities via the 1 "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - Thin Client or 2 "DeviceName" field in...
CVE-2018-17288
Kofax Front Office Server version 4.1.1.11.0.5212 both Thin Client and Administration Console suffers from multiple authenticated stored XSS vulnerabilities via the 1 "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - Thin Client or 2 "DeviceName" field in...
PT-2018-17947
Name of the Vulnerable Software and Affected Versions Kentico versions 9 through 11 Description A Reflected Cross-Site Scripting issue allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link entered through specific screens, including "Pages - Edit...
Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability
Document Title: =============== Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2028 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID VL-ID: ==================================== 2028...
iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability
Document Title: =============== iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1271 Release Date: ============= 2014-06-02 Vulnerability Laboratory ID VL-ID: ==================================...
DreamBox DM800 Arbitrary File Download Vulnerability
Exploit for hardware platform in category remote exploits Exploit Title: title Date: date Author: ShellVision Version: dm800 / !CDATA / functiontryvar...
DEBIAN-CVE-2004-1951
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the 1 audio.sunaudiodevice or 2 dxr3.devicename options in an MRL link...
CVE-2004-1951
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the 1 audio.sunaudiodevice or 2 dxr3.devicename options in an MRL link...