2912 matches found
Deluge Cross-Site Request Forgery Vulnerability
Deluge is a BitTorrent client.WebUI is one of the components that launches the web interface. A cross-site request forgery vulnerability exists in Deluge's Web UI. An attacker could use this vulnerability to perform unauthorized operations and access affected applications...
Ubiquiti Inc.: Ability to log in as any user without authentication if █████████ is empty
Devices that can be monitored by airControl include a ticket based authentication system that allows access to the WebUI using a ticket id. This system had a flaw that allowed unauthenticated access without a valid ticket, given these requirements were met: 1. A device was monitored by airControl...
[SECURITY] [DLA 863-1] deluge security update
Package : deluge Version : 1.3.3-2+nmu1+deb7u1 CVE ID : CVE-2017-7178 Debian Bug : 857903 It was discovered that there was a cross-site request forgery vulnerability in the WebUI component of the "deluge" Bittorrent client. For Debian 7 "Wheezy", this issue has been fixed in deluge version...
Fedora 24 : deluge (2017-ce66f11df1)
Core 2889: Fixed 'Too many files open' errors. 2861: Added support for python-geoip for use with libtorrent 1.1. 2149: Fixed a single proxy entry being overwritten resulting in no proxy set. UI Added trackerstatus translation to UIs. GtkUI 2901: Strip whitespace from infohash before checks. Add...
MikroTik RouterOS Detection Consolidation
Consolidation of MikroTik RouterOS detections. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
Cross site scripting
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...
Code injection
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...
CVE-2017-6504
CVE-2017-6504 affects the qBittorrent WebUI prior to 3.3.11, where the application did not set the X-Frame-Options header, potentially enabling clickjacking. Public details in the provided documents confirm the vulnerable component (WebUI), the condition (before 3.3.11), and the impact (clickjack...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6503
CVE-2017-6503/6504 affect qbittorrent WebUI prior to 3.3.11. The WebUI did not escape many values (CVE-2017-6503), potentially enabling XSS, and did not set X-Frame-Options (CVE-2017-6504), potentially enabling clickjacking. Public advisories from Debian, Fedora, openSUSE and others indicate thes...
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS...
CVE-2016-8494
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme...