456 matches found
CVE-2018-6460
Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the...
Hotspot Shield Information Disclosure
Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.”...
PT-2018-17558
Name of the Vulnerable Software and Affected Versions Hotspot Shield affected versions not specified Description The issue concerns a web server running on Hotspot Shield with a static IP address and port 895. This web server utilizes JSONP and stores sensitive configuration information. An...
Hotspot Shield - Information Disclosure
Hotspot Shield - Information Disclosure Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming,...
pow8.com XSS vulnerability
Open Bug Bounty ID: OBB-527309 Description| Value ---|--- Affected Website:| pow8.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Cross-Site Request Forgery (CSRF)
symfony is vulnerable to cross-site request forgery CSRF attacks. The attacks are possible because it allows the injection of magic bytes via JSONP responses in JsonResponse.php...
Cross-Site Scripting (XSS)
Response-batch is vulenrable to cross-site scripting XSS attacks. The JSONP endpoints are vulnerable to active content injection...
CVE-2017-14269
EE 4GEE WiFi MBB before EE600005.0031 devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content...
CVE-2017-14269
EE 4GEE WiFi MBB before EE600005.0031 devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content...
Design/Logic Flaw
EE 4GEE WiFi MBB before EE600005.0031 devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content...
CVE-2017-14269
CVE-2017-14269 affects EE 4GEE WiFi MBB devices (before EE60_00_05.00_31). The vulnerability allows remote attackers to obtain sensitive data via a JSONP endpoint, demonstrated as passwords and SMS content exposure. The root cause is an insecure JSONP/endpoint handling that leaks confidential inf...
CVE-2017-14269
EE 4GEE WiFi MBB before EE600005.0031 devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content...
Quora: XSS through `__e2e_action_id` delivered by JSONP
Summary: The e2eactionid params used with POST requests to /servercallPOST?m= endpoint is not properly escaped when reflected back on a response allowing to inject Javascript. Also, another issue on some methods such as /servercallPOST?m=edit allows - with a strong premise discussed on the...
http-jsonp-detection NSE Script
Attempts to discover JSONP endpoints in web servers. JSONP endpoints can be used to bypass Same-origin Policy restrictions in web browsers. The script searches for callback functions in the response to detect JSONP endpoints. It also tries to determine callback function through URLcallback functi...
WakaTime: [wakatime.com] HTML Injection github-btn.html
Description === Vulnerable parameter: user Vulnerable script: https://wakatime.com/static/html/github-btn.html Vulnerable code: js var params = function var vars = , hash; var hashes = window.location.href.slicewindow.location.href.indexOf"?" + 1.split"&"; forvar i = 0; i...
ASUS Patches RT Router Vulnerabilities
A recent ASUS firmware update addressed a number of vulnerabilities in 30 models of its popular RT routers. The flaws were privately disclosed by researchers at Baltimore consultancy Nightwatch Cybersecurity, and were patched starting in March, with 10 updates added Wednesday. Users should ensure...
ASUS Routers CSRF / Information Disclosure Vulnerabilities
ASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U,...
Information disclosure
ASUS RT-AC and RT-N devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map...
CVE-2017-5892
ASUS RT-AC and RT-N devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map...
CVE-2017-8877
ASUS RT-AC and RT-N devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID...