7660 matches found
Cross site scripting
D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...
CVE-2016-10699
D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...
CVE-2016-10699
D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...
CVE-2016-10699
CVE-2016-10699 affects D-Link DSL-2740E, version 1.00_BG_20150720. The vulnerability is a persistent cross-site scripting (XSS) flaw in the username and password input fields due to lack of input sanitization. A remote unauthenticated user can craft logins and passwords containing script tags, po...
Circle with Disney Rclient SSH Persistent Remote Access Vulnerability
Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker send an API call to enable the SSH server. Tested...
Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability
Document Title: =============== Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636 CVE-ID: ======= CVE-2017-16636 Release...
Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability
Document Title: =============== Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636 CVE-ID: ======= CVE-2017-16636 Release...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 62.0.3202.74 Platform version: 9901.54.0/1 for most Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days. New Features Kerberos SSO integration for Active Directory...
Cisco Umbrella Virtual Appliance 2.0.3 Undocumented Support Tunnel Vulnerability
Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance. Cisco Umbrella Virtual Appliance - Undocumented Support Tunnel...
Hardening the system and maintaining integrity with Windows Defender System Guard
One of the things we spend a great deal of time thinking about here at Microsoft is how attackers will attempt to persist and evade detection once they’ve successfully compromised a device. With Windows 10 we’ve made it more difficult to find ways to exploit potential entry points, and it’s clear...
Latest Sofacy Campaign Targeting Security Researchers
Sofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, also kno...
CVE-2017-15375
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...
CVE-2017-15374
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...
Cross site scripting
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...
Cross site scripting
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...
CVE-2017-15374
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...
CVE-2017-15375
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...
CVE-2017-15374
Shopware 5.2.5–5.3 contains a persistent cross-site scripting (XSS) vulnerability in the backend CMS modules for customer and order handling. The flaw allows injection of script into firstname/lastname/order fields, triggering execution in the admin backend preview of customers or orders. Exploit...
Default credentials
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...
CVE-2017-15304
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...