544 matches found
OpenWrt and LEDE Cross-Site Scripting Vulnerabilities
Both OpenWrt and LEDE are Linux operating systems for embedded devices. The systems are capable of providing fully writable file systems and package management. A cross-site scripting vulnerability exists in the 'cgihandlerequest' function in OpenWrt versions 18.06.1 and earlier and LEDE versions...
CVE-2018-19630
cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...
CVE-2018-19630
cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...
Cross site scripting
cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...
CVE-2018-19630
cgihandlerequest in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...
CVE-2018-19630
The vulnerability CVE-2018-19630 affects OpenWrt up to 18.06.1 and LEDE up to 17.01, where the uhttpd component’s cgi_handle_request is vulnerable to unauthenticated reflected XSS via the request URI (demonstrated with cgi-bin/?[XSS]). The issue is triggered by crafted URI input and allows a refl...
WindowsSpyBlocker - Block Spying And Tracking On Windows
WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools. It is open for everyone and if you want to contribute...
CVE-2018-11116
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods i.e., achieve ubus access over HTTP that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...
Information disclosure
DISPUTED OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods i.e., achieve ubus access over HTTP that were only supposed to be accessible to a specific user, as demonstrated by the file, log,...
CVE-2018-11116
The CVE-2018-11116 issue concerns OpenWrt rpcd access control in /etc/config/rpcd and /usr/share/rpcd/acl.d, where remote authenticated users could call arbitrary methods (ubus over HTTP) intended for a specific user. The vulnerability description notes potentially remote Information Disclosure o...
CVE-2018-11116
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods i.e., achieve ubus access over HTTP that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...
CVE-2018-11116
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods i.e., achieve ubus access over HTTP that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...
PT-2018-10312 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt affected versions not specified Description: The issue concerns the mishandling of access control in certain configuration files, potentially allowing remote authenticated users to call arbitrary methods, which could lead to remote...
CVE-2017-17867
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...
CVE-2017-17867
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...
Design/Logic Flaw
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...
CVE-2017-17867
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...
CVE-2017-17867
CVE-2017-17867 concerns Inteno IOPSYS devices (2.0–3.14 and 4.0) where remote authenticated users can execute arbitrary OS commands by manipulating the leasetrigger field in the odhcpd config via an SMB share, due to insufficient protection of OpenWrt config (not using /etc/uci-defaults). Connect...
CVE-2017-17867
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...
Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]
A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrypted, Anti-Replay and Multiplexed.It also acts as a Connection Stabilizer. Support Platforms A Linux host including desktop Linux, Android...