Design/Logic Flaw

In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160871056...

CVE-2019-16914

An XSS issue was discovered in pfSense through 2.4.4-p3. In servicescaptiveportalmac.php, the username and delmac parameters are displayed without sanitization...

Cross site scripting

An XSS issue was discovered in pfSense through 2.4.4-p3. In servicescaptiveportalmac.php, the username and delmac parameters are displayed without sanitization...

CVE-2018-15515

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges...

Code injection

The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices will load a Trojan horse "quserex.dll" from the CaptivelPortal.exe subdirectory under the D-Link directory, which allows unprivileged local users to gain SYSTEM privileges...