116 matches found
CVE-2018-7903
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management...
Design/Logic Flaw
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management...
CVE-2018-7904
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management...
CVE-2018-7902
Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management...
CVE-2018-7902
Affected products: Huawei 1288H V5 and 288H V5 with software V100R005C00. Vulnerability: JSON injection in iBMC/server component due to insufficient input validation, allowing an authenticated, remote attacker to inject JSON and modify the administrator password, potentially gaining the system ma...
CVE-2018-7904
Huawei 1288H V5 / 288H V5 (software V100R005C00) expose a JSON injection vulnerability (CVE-2018-7904) in the iBMC server component due to insufficient input validation. An authenticated, remote attacker can inject JSON to modify the administrator password, enabling management privileges on the s...
CVE-2018-7903
CVE-2018-7903 affects Huawei 1288H V5 and 2288H V5 with software V100R005C00. The vulnerability arises from insufficient input validation in the iBMC JSON handling, allowing an authenticated, remote attacker to perform a JSON injection to change the administrator password and potentially gain man...
Security Advisory - Three JSON Injection Vulnerabilities in Huawei Some Products
There are three JSON injection vulnerabilities in some Huawei products. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system...
Remote Code Execution (RCE)
infinispan-core is vulnerable to remote code execution (RCE) attacks. An authenticated malicious user can pass an XML or JSON file to the cache to inject and execute arbitrary code when deserialized...
Open-Xchange: [XSS] Style/Event Filter Bypass v3.0
Hi. New ways to bypass filter in the mail. Previous reports 279073, 244821 1. onEvent filter bypass - If add in style, then onEvents filter disabled. Send e-mail: json "content": "", Response: json "content":"" 2. Without onEvents - Without you can using : json "content": "aaa", Response: json...
GSA Bounty: Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS
An attacker can deface various pages on catalog.data.gov, leading to them executing malicious JavaScript when visited by a normal user. The root problem is that the server trusts the X-Forwarded-Host HTTP header, and uses this to populate the 'data-site-root' and 'data-locale-root' attributes on...
openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0278-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SuSE Update for ruby openSUSE-SU-2013:0280-1 (ruby)
Check for the Version of ruby