216 matches found
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...
CVE-2020-5783
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms...
MAL-2025-3673 Malicious code in @johndeere-tech/helios-ng-components (npm)
Source: ghsa-malware 5cafd54c91f17226053b5247b4cd518c79cc4e6462f2bf35455fc9a9f8b55c42 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @johndeere-tech/helios-mat-styles (npm)
Source: ghsa-malware 226a36baff3a45f171643849384a2b5ba6f9120f2a98d58b2589fc9381fc1c8a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @johndeere-tech/helios-styles (npm)
Source: ghsa-malware 99b3379997f7c1fa963e3f0022064669ccae41425799fd8d62cbcda0d2d01651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
helios-treppenlifte.de Improper Access Control vulnerability OBB-3773567
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
helios-servis.cz Cross Site Scripting vulnerability OBB-3257513
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MAL-2022-562 Malicious code in @riptano/helios (npm)
Source: ghsa-malware 9ce78b47ef6b3e95b29924aee3edd4bce0a8c9519a79493905ebcb7796553afc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in helium-helios (npm)
Source: ghsa-malware 69e851f09b30092c3b708f31d453943bf56739c9ad4cc3e4fcd231e4d7fccde4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Helios Solutions Brand Logo Slider plugin <= 2.1 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability found by Net-Hunter in WordPress Helios Solutions Brand Logo Slider plugin versions <= 2.1. Solution 2020-12-03 - we found only notification from wordpress.org plugin repository "This plugin has been closed as of October 21, 2020 and is not availab...
Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload
An Authenticated user admin+ can bypass the security check of the plugin and upload arbitrary files via the Brand Logo. PoC The PoC will be displayed once the issue has been remediated...
CVE-2020-5781
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...
Design/Logic Flaw
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...
Cross site request forgery (csrf)
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms...
Design/Logic Flaw
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...