148 matches found
CVE-2019-15571
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php...
Sql injection
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php...
CVE-2019-15571
CVE-2019-15571: SQL injection in ClonOS WEB control panel (clonos.php) before 2019-04-30. Affects web component; CVSS indicates NETWORK access, no authentication, and impacts on confidentiality, integrity, and availability (all PARTIAL/HIGH for CVSS3). No remediation details are provided in the s...
CVE-2019-15571
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php...
McAfee Endpoint Security Web Control Detection (Windows SMB Login)
Detects the installed version of McAfee Endpoint Security Web Control for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Heatmiser WiFi thermostat vulnerabilities
Update – if your heating is misbehaving you need to disable port forwarding to port 80 and port 8068. This should be simply following the reverse of whatever you did to set port forwarding up. Alternatively, you could disable WiFi entirely by putting invalid SSID and password in – I believe the...
Lazy async SVG rasterisation
Phwoar I love a good sciency-sounding title. SVG can be slow When transforming an SVG image, browsers try to render on every frame to keep the image as sharp as possible. Unfortunately SVG rendering can be slow, especially for non-trivial images. Here's a demo, press "Scale SVG". Devtools timelin...
Intel Security McAfee Endpoint Security Web Control Cross-Site Scripting Vulnerability
McAfee Endpoint Security is an integrated security solution that protects servers, endpoint computer systems, laptops and tablets against all types of threats. A cross-site scripting vulnerability exists in Intel Security McAfee Endpoint Security Web Control. It allows attackers to inject arbitra...
CVE-2016-8011
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security ENS Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site...
Cross site scripting
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security ENS Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site...
CVE-2016-8011
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security ENS Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site...
CVE-2016-8011
The CVE-2016-8011 entry concerns Intel Security McAfee Endpoint Security (ENS) Web Control prior to 10.2.0.408.10. The vulnerability is a cross-site scripting flaw that allows an attacker to inject arbitrary web script or HTML via a crafted website. This affects the Web Control component and coul...
CVE-2016-8011
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security ENS Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site...
Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified vulnerabilities in Eaton Lighting Systems’ EG2 Web Control application. Eaton Lighting Systems...
Kabona AB WDC Brute Force Decryption Vulnerability
Kabona AB WDC is a web-based SCADA system from the Swedish company Kabona AB. A security vulnerability exists in Kabona AB WDC versions prior to 3.4.0, which stems from the program failing to limit the number of authentication attempts. An attacker could exploit this vulnerability to conduct a...
CVE-2016-2272
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie...
CVE-2016-2272
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie...
Design/Logic Flaw
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request...
Code injection
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie...
CVE-2016-0871
The CVE-2016-0871 issue affects Eaton Lighting EG2 Web Control (V4.04P and prior). Root causes include CWE-565: Reliance on Cookies without Validation, and CWE-312: Cleartext Storage of Sensitive Information. A remote attacker could read configuration files and view credentials via a direct reque...