44 matches found
DMA Softlab DMA Radius Manager 跨站请求伪造漏洞
DMA Softlab DMA Radius Manager is an application from DMA Softlab Inc. Easy-to-use management system for Mikrotik, Cisco, StarOS, Chillispot, DD-WRT, pfSense NAS devices and DOCSIS CMTS. A cross-site request forgery vulnerability exists in DMA Softlab Radius Manager 4.4.0 that allows adding a new...
CVE-2021-29011
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting XSS via the description, name, or address field under admin.php...
CVE-2021-29012
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid temporarily during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus...
CVE-2021-29012
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid temporarily during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus...
CVE-2021-29011
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting XSS via the description, name, or address field under admin.php...
Cross site scripting
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting XSS via the description, name, or address field under admin.php...
CVE-2021-29011
CVE-2021-29011 affects DMA Softlab Radius Manager 4.4.0 and is described as a Cross Site Scripting (XSS) vulnerability exploitable via the description, name, or address fields under admin.php. The connected documents corroborate an XSS issue with this version; CVSS metrics in the primary entry sh...
CVE-2021-29011
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting XSS via the description, name, or address field under admin.php...
CVE-2021-29012
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid temporarily during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus...
CVE-2021-29012
DMA Softlab Radius Manager 4.4.0 suffers a session-management flaw where the same admin session cookie is issued to all admin sessions. The cookie remains valid while logged in but is temporarily invalid when logged out, effectively acting as a static password and enabling permanent access if sto...
DMA Softlab Radius Manager 跨站脚本漏洞
DMA Softlab Radius Manager is an application from DMA Softlab Inc. An easy-to-use management system for Mikrotik, Cisco, StarOS, Chillispot, DD-WRT, pfSense NAS devices and DOCSIS CMTS. A cross-site scripting vulnerability exists in DMA Softlab Radius Manager version 4.4.0, which originates from...
DMA Softlab Radius Manager 授权问题漏洞
DMA Softlab Radius Manager is an application from DMA Softlab Inc. An easy-to-use management system for Mikrotik, Cisco, StarOS, Chillispot, DD-WRT, pfSense NAS devices and DOCSIS CMTS. An unauthorized access vulnerability exists in DMA Softlab Radius Manager version 4.4.0 that stems from a cooki...
Radius Manager 3.8.0 - Multiple XSS Vulnerabilities
No description provided by source...
Radius Manager 3 & 4 Cross Site Script Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /...
Radius Manager V3.0.0=>4.0 CSRF Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Radius Manager 3.9.0 SQL Injection
Exploit Title: Radius Manager V3.9.0 Sql Injection Date: 16-10-2011 Author: Mehdi Boukazoula Software Link: http://www.dmasoftlab.com Version: v 3.9.0 Tested on: v 3.9.0 with Postgresql, PHP 5.2.6, Apache 2.2.8, Description : In the page of "http://127.0.0.1/admin.php" the parameter "cont" is not...
CVE-2010-4275
Multiple cross-site scripting XSS vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 name or 2 descr parameter in an a updateusergroup or a b storenas action to admin.php...
CVE-2010-4275
Radius Manager 3.8.0 is affected by multiple stored XSS vulnerabilities. The issue arises in the admin.php actions update_usergroup and store_nas, where unsanitized inputs for name/descr can inject arbitrary script/HTML. Exploitation requires an authenticated administrator; impact is limited to t...
CVE-2010-4275
Multiple cross-site scripting XSS vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 name or 2 descr parameter in an a updateusergroup or a b storenas action to admin.php...
Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/45481/info Radius Manager is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...