
1746 matches found

Packet Storm
added 2019/12/17 12:0 a.m., 100 views

Tautulli 2.1.9 Cross Site Request Forgery

Exploit Title: Tautulli v2.1.9 - Cross-Site Request Forgery ShutDown Date: 2018-12-17 Exploit Author: Ismail Tasdelen Vendor Homepage: https://tautulli.com/ Software : https://github.com/Tautulli/Tautulli Product Version: v2.1.9 Platform: Windows 10 10.0.18362 Python Version: 2.7.11...

AI score 0.9, EPSS 0.56759
Exploits: 9

NVD
added 2019/11/21 8:15 p.m., 16 views

CVE-2013-3313

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to checkusers.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in...

CVSS 7.5, AI score 7.3, EPSS 0.01733
Exploits: 1, References: 3

NVD
added 2019/11/21 8:15 p.m., 17 views

CVE-2013-3311

Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request...

CVSS 7.5, AI score 7.4, EPSS 0.01839
Exploits: 5, References: 3

Prion
added 2019/11/21 8:15 p.m., 12 views

Directory traversal

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to checkusers.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in...

CVSS 5, AI score 7.3, EPSS 0.01839
Exploits: 6, References: 3

Cvelist
added 2019/11/21 7:39 p.m., 25 views

CVE-2013-3311

Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request...

AI score 7.4, EPSS 0.01839
Exploits: 5, References: 3

CVE
added 2019/11/21 7:39 p.m., 70 views

CVE-2013-3311

CVE-2013-3311 (Loftek Nexus 543 IP Camera) is a directory traversal vulnerability that allows remote attackers to read arbitrary files by manipulating the URL in an HTTP GET request (".." sequence). Connected materials also describe a related issue (CVE-2013-3313) where passwords are stored in cl...

CVSS 7.5, AI score 7.3, EPSS 0.01839
Exploits: 5, References: 3, Affected Software: 1

CVE
added 2019/11/21 7:39 p.m., 51 views

CVE-2013-3313

Affected product: Loftek Nexus 543 IP Camera. Vulnerability details: CVE-2013-3313 exposes passwords in cleartext via an HTTP GET to check_users.cgi. The entry references related access via a directory traversal flaw in CVE-2013-3311, which can be leveraged to read sensitive data from the device ...

CVSS 7.5, AI score 7.2, EPSS 0.01733
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2019/11/21 7:39 p.m., 16 views

CVE-2013-3313

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to checkusers.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in...

AI score 7.3, EPSS 0.01733
Exploits: 1, References: 3

Tenable Nessus
added 2019/11/08 12:0 a.m., 23 views

Rockwellautomation 1763-l16awa Exposure of Sensitive Information to an Unauthorized Actor

An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00...

CVSS 5, AI score 1.9, EPSS 0.03537
Exploits: 0, References: 3

Prion
added 2019/10/30 9:15 p.m., 9 views

Arbitrary file deletion

ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page...

CVSS 4.3, AI score 6.5, EPSS 0.00479
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/10/30 8:57 p.m., 41 views

CVE-2019-17326

ClipSoft REXPERT 1.0.0.527 and earlier allows remote arbitrary file deletion via an HTTP GET with a specially crafted parameter. Exploitation requires user interaction (target must visit a malicious page). Affected product: ClipSoft REXPERT; no explicit root-cause or patch details are provided in...

CVSS 6.5, AI score 6.4, EPSS 0.00479
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2019/10/30 8:57 p.m., 12 views

CVE-2019-17326

ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page...

AI score 6.5, EPSS 0.00479
Exploits: 0, References: 1

OSV
added 2019/10/28 5:15 p.m., 4 views

CVE-2019-17181

A remote SEH buffer overflow has been discovered in IntraSrv 1.0 2007-06-03. An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system...

CVSS 9.8, AI score 7.5
Exploits: 0, References: 2

NVD
added 2019/10/28 5:15 p.m., 4 views

CVE-2019-17181

A remote SEH buffer overflow has been discovered in IntraSrv 1.0 2007-06-03. An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system...

CVSS 10, AI score 9.6, EPSS 0.74079
Exploits: 1, References: 2

NVD
added 2019/10/24 11:15 a.m., 15 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

CVSS 9.8, AI score 8, EPSS 0.93273
Exploits: 1, References: 2

OSV
added 2019/10/24 11:15 a.m., 8 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

CVSS 9.8, AI score 7.2
Exploits: 0, References: 2

Prion
added 2019/10/24 11:15 a.m., 15 views

Server side request forgery (ssrf)

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

CVSS 7.5, AI score 8.6, EPSS 0.93273
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2019/10/24 10:58 a.m., 15 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

AI score 8.7, EPSS 0.93273
Exploits: 1, References: 2

ATTACKERKB
added 2019/10/24 12:0 a.m., 23 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Recent assessments: ericalexanderorg at August 04, 2020 4:42pm UTC reported: More detail Stupid easy SSRF...

CVSS 9.8, AI score 2.7, EPSS 0.93273
Exploits: 1, References: 3

NVD
added 2019/10/16 3:15 p.m., 10 views

CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS...

CVSS 6.1, AI score 6.1, EPSS 0.00266
Exploits: 1, References: 4