
544 matches found

CNVD
added 2018/11/29 12:0 a.m. · 3 views

OpenWrt and LEDE Cross-Site Scripting Vulnerabilities

Both OpenWrt and LEDE are Linux operating systems for embedded devices. The systems are capable of providing fully writable file systems and package management. A cross-site scripting vulnerability exists in the 'cgi_handle_request' function in OpenWrt versions 18.06.1 and earlier and LEDE versions...

6.1 CVSS · 6 AI score · 0.00663 EPSS
Exploits 1 · References 1
OSV
added 2018/11/28 10:29 a.m. · 5 views

CVE-2018-19630

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

6.1 CVSS · 5.8 AI score · 0.00663 EPSS
Exploits 1 · References 1
NVD
added 2018/11/28 10:29 a.m. · 16 views

CVE-2018-19630

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

6.1 CVSS · 6.1 AI score · 0.00663 EPSS
Exploits 1 · References 1
Prion
added 2018/11/28 10:29 a.m. · 16 views

Cross site scripting

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

4.3 CVSS · 6 AI score · 0.00663 EPSS
Exploits 1 · References 1 · Affected Software 2
Cvelist
added 2018/11/28 10:0 a.m. · 25 views

CVE-2018-19630

cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?XSS URI...

6.1 AI score · 0.00663 EPSS
Exploits 1 · References 1
CVE
added 2018/11/28 10:0 a.m. · 62 views

CVE-2018-19630

The vulnerability CVE-2018-19630 affects OpenWrt up to 18.06.1 and LEDE up to 17.01, where the uhttpd component’s cgi_handle_request is vulnerable to unauthenticated reflected XSS via the request URI (demonstrated with cgi-bin/?[XSS]). The issue is triggered by crafted URI input and allows a refl...

6.1 CVSS · 6 AI score · 0.00663 EPSS
Exploits 1 · References 1 · Affected Software 2
Kitploit
added 2018/08/01 9:49 p.m. · 75 views

WindowsSpyBlocker - Block Spying And Tracking On Windows

WindowsSpyBlocker is an application written in Go and delivered as a single executable to block spying and tracking on Windows systems. The initial approach of this application is to capture and analyze network traffic based on a set of tools. It is open for everyone and if you want to contribute...

7 AI score
Exploits 0 · References 18
NVD
added 2018/06/19 9:29 p.m. · 17 views

CVE-2018-11116

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...

8.8 CVSS · 8.4 AI score · 0.02436 EPSS
Exploits 0 · References 2
Prion
added 2018/06/19 9:29 p.m. · 16 views

Information disclosure

DISPUTED OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log,...

6.5 CVSS · 8.3 AI score · 0.02436 EPSS
Exploits 0 · References 2
CVE
added 2018/06/19 9:0 p.m. · 69 views

CVE-2018-11116

The CVE-2018-11116 issue concerns OpenWrt rpcd access control in /etc/config/rpcd and /usr/share/rpcd/acl.d, where remote authenticated users could call arbitrary methods (ubus over HTTP) intended for a specific user. The vulnerability description notes potentially remote Information Disclosure o...

8.8 CVSS · 8.3 AI score · 0.02436 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2018/06/19 9:0 p.m. · 21 views

CVE-2018-11116

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...

8.4 AI score · 0.02436 EPSS
Exploits 0 · References 2
Vulnrichment
added 2018/06/19 9:0 p.m. · 15 views

CVE-2018-11116

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and servi...

6.9 AI score · 0.02436 EPSS
Exploits 0 · References 2
Positive Technologies
added 2018/06/19 12:0 a.m. · 6 views

PT-2018-10312 · Openwrt · Openwrt

Name of the Vulnerable Software and Affected Versions: OpenWrt (affected versions not specified)
Description: The issue concerns the mishandling of access control in certain configuration files, potentially allowing remote authenticated users to call arbitrary methods, which could lead to remote...

8.8 CVSS · 8.5 AI score · 0.02436 EPSS
Exploits 0 · References 3
OSV
added 2018/01/04 7:29 p.m. · 3 views

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

8.8 CVSS · 6.1 AI score · 0.11075 EPSS
Exploits 5 · References 3
NVD
added 2018/01/04 7:29 p.m. · 23 views

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

9 CVSS · 8.8 AI score · 0.11075 EPSS
Exploits 5 · References 3
Prion
added 2018/01/04 7:29 p.m. · 14 views

Design/Logic Flaw

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

9 CVSS · 8.7 AI score · 0.11075 EPSS
Exploits 5 · References 3 · Affected Software 1
ATTACKERKB
added 2018/01/04 7:29 p.m. · 1 view

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

9 CVSS · 6 AI score · 0.11075 EPSS
Exploits 5 · References 5
CVE
added 2018/01/04 7:0 p.m. · 59 views

CVE-2017-17867

CVE-2017-17867 concerns Inteno IOPSYS devices (2.0–3.14 and 4.0) where remote authenticated users can execute arbitrary OS commands by manipulating the leasetrigger field in the odhcpd config via an SMB share, due to insufficient protection of OpenWrt config (not using /etc/uci-defaults). Connect...

9 CVSS · 8.7 AI score · 0.11075 EPSS
Exploits 5 · References 3 · Affected Software 1
Cvelist
added 2018/01/04 7:0 p.m. · 27 views

CVE-2017-17867

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...

8.8 AI score · 0.11075 EPSS
Exploits 5 · References 3
Kitploit
added 2017/08/19 10:30 p.m. · 111 views

Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. It's Encrypted, Anti-Replay and Multiplexed. It also acts as a Connection Stabilizer. Support Platforms: A Linux host including desktop Linux, Android...

Exploits 0 · References 7