
231 matches found

CNVD
added 2020/02/12 12:0 a.m., 1 views

VideoLAN VLC Media Player Cross-Site Scripting Vulnerability (CNVD-2020-08120)

VideoLAN VLC media player is a free, open source, cross-platform multimedia player and multimedia framework from the VideoLAN organization in France. The product supports playback of a variety of media files, CD-ROMs, and audio and video formats such as WMV and MP3. A cross-site...

6.1 CVSS, 6.4 AI score, 0.00282 EPSS
Exploits 1, References 1
CNVD
added 2020/02/04 12:0 a.m., 1 views

HashiCorp Consul HTTP/RPC services Denial of Service Vulnerability

HashiCorp Consul is a service mesh for service discovery and runtime configuration of microservice applications and infrastructure. A security vulnerability exists in HashiCorp Consul and Consul Enterprise versions 1.6.2 and earlier. An attacker could exploit the vulnerability to caus...

7.5 CVSS, 8.7 AI score, 0.01138 EPSS
Exploits 0, References 1
NVD
added 2020/01/31 10:15 p.m., 10 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS, 6.3 AI score, 0.00282 EPSS
Exploits 1, References 4
OSV
added 2020/01/31 10:15 p.m., 3 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS, 6.2 AI score
Exploits 0, References 5
OSV
added 2020/01/31 10:15 p.m., 0 views

UBUNTU-CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS, 6.5 AI score, 0.00282 EPSS
Exploits 1, References 3
UbuntuCve
added 2020/01/31 10:15 p.m., 33 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS, 6.4 AI score, 0.00282 EPSS
Exploits 1, References 2
Prion
added 2020/01/31 10:15 p.m., 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

4.3 CVSS, 6.2 AI score, 0.00282 EPSS
Exploits 1, References 4, Affected Software 2
Cvelist
added 2020/01/31 9:39 p.m., 20 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.2 AI score, 0.00282 EPSS
Exploits 1, References 4
CVE
added 2020/01/31 9:39 p.m., 161 views

CVE-2013-3565

CVE-2013-3565 affects VideoLAN VLC Media Player through its HTTP Interface, with multiple XSS vulnerabilities in the web UI. Versions prior to 2.0.7 are affected. An attacker can craft requests to the HTTP endpoints (requests/vlm_cmd.xml, requests/browse.xml) or include a URI in a request, which ...

6.1 CVSS, 6.1 AI score, 0.00282 EPSS
Exploits 1, References 4, Affected Software 1
Debian CVE
added 2020/01/31 9:39 p.m., 16 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS, 6.3 AI score, 0.00282 EPSS
Exploits 1
NVD
added 2019/07/02 8:15 p.m., 9 views

CVE-2017-8405

An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be...

7.5 CVSS, 7.4 AI score, 0.03503 EPSS
Exploits 1, References 3
OSV
added 2019/04/30 9:29 p.m., 1 views

CVE-2019-3927

On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.8 CVSS, 7.3 AI score
Exploits 0, References 1
Prion
added 2019/04/30 9:29 p.m., 11 views

Design/Logic Flaw

On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

5 CVSS, 9.6 AI score, 0.01822 EPSS
Exploits 1, References 1, Affected Software 2
NVD
added 2019/04/30 9:29 p.m., 15 views

CVE-2019-3927

On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.8 CVSS, 9.7 AI score, 0.01822 EPSS
Exploits 1, References 1
Cvelist
added 2019/04/30 8:15 p.m., 17 views

CVE-2019-3927

On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.7 AI score, 0.01822 EPSS
Exploits 1, References 1
CVE
added 2019/04/30 8:15 p.m., 50 views

CVE-2019-3927

CVE-2019-3927 concerns Crestron AM-100 (firmware 1.6.0.2) and AM-101 (firmware 2.7.0.2). The issue allows anyone to change the administrator or moderator passwords via the OIDs iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2, enabling a remote, unauthenticated attacker to gain a...

9.8 CVSS, 9.5 AI score, 0.01822 EPSS
Exploits 1, References 1, Affected Software 1
OpenVAS
added 2019/04/29 12:0 a.m., 28 views

Xerox ColorQube Printers RCE Vulnerability (XRX19C)

Xerox ColorQube printers are prone to a remote code execution (RCE) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

10 CVSS, 9.8 AI score, 0.05392 EPSS
Exploits 0, References 1
OSV
added 2019/04/12 6:29 p.m., 0 views

CVE-2019-10880

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

9.8 CVSS, 7.4 AI score
Exploits 0, References 2
Cvelist
added 2019/04/12 5:37 p.m., 9 views

CVE-2019-10880

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

9.8 CVSS, 9.8 AI score, 0.05392 EPSS
Exploits 0, References 2
CVE
added 2019/04/12 5:37 p.m., 66 views

CVE-2019-10880

CVE-2019-10880 affects Xerox ColorQube/XEROX products; vulnerability is a remote command execution via the HTTP interface. Root cause: OS Command Injection in the HTTP interface, exploitable by sending a crafted HTTP request, with the affected environment allowing the attacker to run commands as ...

10 CVSS, 9.7 AI score, 0.05392 EPSS
Exploits 0, References 2, Affected Software 1