CVE-2018-12457

expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header...

CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

TP-Link TL-WR841N / TL-WR841ND Brute Force / CSRF

Hello list! There are Brute Force and Cross-Site Request Forgery vulnerabilities in TP-Link TL-WR841N and TL-WR841ND. ------------------------- Affected products: ------------------------- Vulnerable are the next models: TP-Link TL-WR841N and TL-WR841ND, Firmware Version 3.16.9 Build 151216. All...

Fortinet FortiAuthenticator Cross-Site Scripting Vulnerability (CNVD-2018-10945)

Fortinet FortiAuthenticator is a user identity management appliance that enhances enterprise security by simplifying and centralizing the management and storage of user identity information. A cross-site scripting vulnerability exists in the "CSRF Authentication Failure" page in Fortinet...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

Cross site scripting

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

CVE-2018-9186

A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...

TP-Link TL-WR840N / TL-WR841N Authentication Bypass

Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...

TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass

Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...

WordPress WP Statistics plugin cross-site scripting vulnerability (CNVD-2018-04482)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL server set up a personal blog site.WP Statistics is one of the website statistical analysis plugin. A cross-site scripting vulnerability exists in...

Ed: Oauth flow on the comments widget login can lead to the access code leakage

Description Hello. Here is a keyword: frog I discovered an little Oauth flow in the comments widget authentication process using redirecturi manipulations. The widget located on the all blogposts, which have URL https://edoverflow.com/2017/post-title/ Upon authentication, it appeared that code...

Cross site request forgery (csrf)

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header...

CVE-2017-7851

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header...

CVE-2017-7851

D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header...

PT-2017-17953 · D Link · Dcs-936L

Name of the Vulnerable Software and Affected Versions: D-Link DCS-936L versions prior to 1.05.07 Description: The issue is related to an inadequate CSRF protection mechanism. It requires the device's IP address to be a substring of the HTTP Referer header. Recommendations: For versions prior to...

The vulnerability of the login_mgrc.i program component in the DNR-320L, DNS-320LW, DNR-322L, DNR-326, and DNS-327L routers’ software allows a hacker to execute arbitrary code.

The vulnerability of the loginmgrc.cgi component of the DNR-320L, DNS-320LW, DNR-322L, DNR-326, and DNS-327L router microprogramming systems arises due to buffer overflows in the stack. Exploitation of this vulnerability allows an attacker to execute arbitrary code by creating specially crafted...

Avito: CSS injection in avito.ru via IE11

Hi Team Security @avito I discovered CSS Injection on avito.ru in form search via IE11 Description CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to...