216 matches found
CVE-2020-5781
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary JavaScript, this causes a denial-of-service condition for all other users...
CVE-2020-5781
Vulnerability CVE-2020-5781 affects IgniteNet HeliOS GLinq v2.2.1 r2961. The langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function; when manipulated with arbitrary JavaScript, this triggers a denial-of-service condition for all ...
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, a login action that sets the ‘wan_type’ parameter can render the WAN interface unreachable, causing a denial-of-service condition for devices relying on that connection. This is the core vulnerability described across multiple sources (NVD, Red Hat, PRION, ...
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the WAN interface for the device will become unreachable, which results in a denial-of-service condition for devices dependent on this connection...
CVE-2020-5783
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms...
CVE-2020-5783
CVE-2020-5783 affects IgniteNet HeliOS GLinq v2.2.1 r2961. The connected documents provide concrete detail: the login functionality lacks CSRF protection, creating a CSRF risk for authenticated sessions. No explicit exploit details, affected components beyond the login mechanism, or remediation s...
@ambers/helios (>=0.10.0 <=0.13.5), @cloudmosaic/quickstarts (>=1.0.0-rc.0 <=1.0.0-rc.1) +181 more potentially affected by unknown CVE via showdown (>=0.0.1 <=1.9.0)
showdown NPM version =0.0.1, =0.10.0, =1.0.0-rc.0, =1.0.0, =1.0.0-alpha.1, =2.0.0, =0.4.0, =1.6.3, =5.2.1, =0.0.11, =0.0.9, =0.0.2, =1.0.0, =1.0.1, =2.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H6MQ-3CJ6-H738...
Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild
Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named "darknexus" by Bitdefender...
Helios Calendar 1.1/1.2 Admin/Index.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26312/info Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-5952
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-5952
The vulnerability CVE-2007-5952 targets Helios Calendar 1.2.1 Beta, affecting the admin/index.php component. It is a Cross-site Scripting (XSS) flaw that allows an attacker to inject arbitrary script or HTML through the username parameter. The root cause is unvalidated input in the username field...
Helios Calendar 1.1/1.2 - 'admin/index.php' Cross-Site Scripting
Helios Calendar 1.1/1.2 - 'admin/index.php' Cross-Site Scripting source: https://www.securityfocus.com/bid/26312/info Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute...
Helios Calendar 1.1/1.2 - 'admin/index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26312/info Helios Calendar is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the...
helios-xss.txt
Hi PacketStormSecurity.org; I'm reporting a vulnerability of type XSS in Helios Calendar, thank you for all. +==============================================================================+ + Helios Calendar =1.2.1 Beta XSS Multiple Remote Vulnerabilities +...