2965 matches found
AgentTesla Builder Web Panel SQL Injection
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: SQL Injection Description: The AgentTeslaBuilder WebUI...
AgentTesla Builder Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting XSS Description: AgentTeslaBuilder...
AgentTesla Builder Web Panel Cross Site Scripting Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: email protected Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting XSS Description: AgentTeslaBuilder WebU...
Ab Stealer Web Panel Cross Site Scripting Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: email protected Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab Stealer"...
Win32.MarsStealer Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...
AgentTesla Builder Web Panel SQL Injection Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7B.txt Contact: email protected Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: SQL Injection Description: The AgentTeslaBuilder WebUI uses...
Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Data Deletion Description: The...
CVE-2021-38013
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2021-38013
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page...
DEBIAN-CVE-2021-38013
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2021-38013
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page...
CVE-2021-38013
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page...
Cross site scripting
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A 38JP111G, 38JP111J, 38JP111K, 38JP111L, 38JP126F, 38JP126G, 38JP126J, 38JP203B, and 38JP203C allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device...
CVE-2021-20847
CVE-2021-20847 is a cross-site scripting vulnerability in Wi‑Fi STATION SH-52A devices (models 38JP_1_11G/J/K/L and 38JP_1_26F/G/J, 38JP_2_03B/C) that allows a remote, unauthenticated attacker to inject arbitrary script via the device WebUI. The public descriptions identify the flaw as CWE-79 XSS...
CVE-2021-20847
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A 38JP111G, 38JP111J, 38JP111K, 38JP111L, 38JP126F, 38JP126G, 38JP126J, 38JP203B, and 38JP203C allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device...
CVE-2021-33210
An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can in the WebUI obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant...
Authentication flaw
An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can in the WebUI obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant...
CVE-2021-33210
CVE-2021-33210 affects Fimer Aurora Vision prior to 2.97.10. The flaw allows an unauthenticated user in the WebUI to read API responses from a plant kiosk view, effectively exposing plant information without authorization. The issue is described across multiple sources (including NVD/Red Hat refe...
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
Impact rucio-webui installations of the 1.26 release line potentially leak the contents of cookies to other sessions within a wsgi container. Impact is that Rucio authentication tokens are leaked to other users accessing the webui within a close timeframe, thus allowing users to access the webui...
GHSA-V988-828W-XVF2 Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
Impact rucio-webui installations of the 1.26 release line potentially leak the contents of cookies to other sessions within a wsgi container. Impact is that Rucio authentication tokens are leaked to other users accessing the webui within a close timeframe, thus allowing users to access the webui...