CVE-2025-15505

Luxul XWR-600 Web Administration Interface is affected by a cross-site scripting vulnerability, tracked as CVE-2025-15505, impacting versions up to 4.0.1. The flaw arises from manipulating the Guest Network/Wireless Profile SSID argument, enabling remote exploitation. Multiple sources confirm pub...

CVE-2025-15505 Luxul XWR-600 Web Administration cross site scripting

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

PT-2026-1782

Name of the Vulnerable Software and Affected Versions Luxul XWR-600 versions prior to 4.0.2 Description A cross-site scripting issue exists in the Web Administration Interface component of Luxul XWR-600. The issue is triggered by manipulating the SSID argument within the Guest Network/Wireless...

ALC WebCTRL XML External Entity Injection Vulnerability

ALC WebCTRL is a building automation control system from Automated Logic Corporation ALC. An XML external entity injection vulnerability exists in ALC WebCTRL. The vulnerability can be exploited to disclose the contents of a file on the underlying web server operating system via the 'X-Wap-Profil...

CVE-2018-8209

An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

Windows Gather Wireless Profile

This module extracts saved Wireless LAN profiles. It will also try to decrypt the network key material. Behavior is slightly different between OS versions when it comes to WPA. In Windows Vista/7 we will get the passphrase. In Windows XP we will get the PBKDF2 derived key. This module requires...