7660 matches found

Prion
added 2017/10/31 7:29 a.m. | 7 views

Cross site scripting

D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...

CVSS 4.3 | AI score 6.7 | EPSS 0.01377
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2017/10/31 7:29 a.m. | 2 views

CVE-2016-10699

D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...

CVSS 6.1 | AI score 5.8 | EPSS 0.01377
Exploits: 1 | References: 2

Cvelist
added 2017/10/31 7:0 a.m. | 16 views

CVE-2016-10699

D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...

AI score 6.3 | EPSS 0.01377
Exploits: 1 | References: 2

CVE
added 2017/10/31 7:0 a.m. | 69 views

CVE-2016-10699

CVE-2016-10699 affects D-Link DSL-2740E, version 1.00_BG_20150720. The vulnerability is a persistent cross-site scripting (XSS) flaw in the username and password input fields due to lack of input sanitization. A remote unauthenticated user can craft logins and passwords containing script tags, po...

CVSS 6.1 | AI score 6.2 | EPSS 0.01377
Exploits: 1 | References: 2 | Affected Software: 1

Talos
added 2017/10/31 12:0 a.m. | 202 views

Circle with Disney Rclient SSH Persistent Remote Access Vulnerability

Summary: A backdoor vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. Tested...

CVSS 8 | AI score 7 | EPSS 0.00973
Exploits: 2

Vulnerability Lab
added 2017/10/30 12:0 a.m. | 80 views

Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability

Document Title: =============== Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636 CVE-ID: ======= CVE-2017-16636 Release...

CVSS 3.5 | AI score 5.3 | EPSS 0.00608
Exploits: 3

Vulnerability Lab
added 2017/10/30 12:0 a.m. | 41 views

Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability

Document Title: =============== Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636 CVE-ID: ======= CVE-2017-16636 Release...

CVSS 5.4 | AI score 5.2 | EPSS 0.00608
Exploits: 3

Google Chrome Security Advisories
added 2017/10/27 12:0 a.m. | 52 views

Stable Channel Update for Chrome OS

The Stable channel has been updated to 62.0.3202.74 Platform version: 9901.54.0/1 for most Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days. New Features Kerberos SSO integration for Active Directory...

CVSS 9.6 | AI score 8.4 | EPSS 0.02388
Exploits: 0 | Affected Software: 1

0day.today
added 2017/10/24 12:0 a.m. | 74 views

Cisco Umbrella Virtual Appliance 2.0.3 Undocumented Support Tunnel Vulnerability

Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance. Cisco Umbrella Virtual Appliance - Undocumented Support Tunnel...

CVSS 6 | AI score 6.6 | EPSS 0.00359
Exploits: 1

Microsoft Malware Protection
added 2017/10/23 1:2 p.m. | 76 views

Hardening the system and maintaining integrity with Windows Defender System Guard

One of the things we spend a great deal of time thinking about here at Microsoft is how attackers will attempt to persist and evade detection once they’ve successfully compromised a device. With Windows 10 we’ve made it more difficult to find ways to exploit potential entry points, and it’s clear...

AI score 7.1
Exploits: 0

ThreatPost
added 2017/10/23 1:0 p.m. | 12 views

Latest Sofacy Campaign Targeting Security Researchers

Sofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, also kno...

AI score 0.2
Exploits: 0 | References: 2

NVD
added 2017/10/16 4:29 a.m. | 17 views

CVE-2017-15375

Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...

CVSS 6.1 | AI score 6.5 | EPSS 0.00901
Exploits: 3 | References: 1

NVD
added 2017/10/16 4:29 a.m. | 23 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

CVSS 6.1 | AI score 6.4 | EPSS 0.04812
Exploits: 7 | References: 2

Prion
added 2017/10/16 4:29 a.m. | 13 views

Cross site scripting

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

CVSS 4.3 | AI score 6.2 | EPSS 0.04812
Exploits: 7 | References: 2 | Affected Software: 1

Prion
added 2017/10/16 4:29 a.m. | 14 views

Cross site scripting

Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...

CVSS 4.3 | AI score 6.4 | EPSS 0.00901
Exploits: 3 | References: 1 | Affected Software: 1

Cvelist
added 2017/10/16 4:0 a.m. | 28 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

AI score 6.3 | EPSS 0.04812
Exploits: 7 | References: 2

Cvelist
added 2017/10/16 4:0 a.m. | 18 views

CVE-2017-15375

Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...

AI score 6.5 | EPSS 0.00901
Exploits: 3 | References: 1

CVE
added 2017/10/16 4:0 a.m. | 74 views

CVE-2017-15374

Shopware 5.2.5–5.3 contains a persistent cross-site scripting (XSS) vulnerability in the backend CMS modules for customer and order handling. The flaw allows injection of script into firstname/lastname/order fields, triggering execution in the admin backend preview of customers or orders. Exploit...

CVSS 6.1 | AI score 6.2 | EPSS 0.04812
Exploits: 7 | References: 2 | Affected Software: 1

Prion
added 2017/10/15 3:29 a.m. | 14 views

Default credentials

/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...

CVSS 7.5 | AI score 9.2 | EPSS 0.01199
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2017/10/15 3:29 a.m. | 14 views

CVE-2017-15304

/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...

CVSS 9.8 | AI score 9.3 | EPSS 0.01199
Exploits: 0 | References: 1