766 matches found
ECESSA ShieldLink SL175EHQ Cross-Site Request Forgery Vulnerability
ECESSA ShieldLink SL175EHQ is a WAN link controller from ECESSA, which includes ISP/WAN link aggregation, load balancing and traffic monitoring. A cross-site request forgery vulnerability exists in ECESSA ShieldLink SL175EHQ version 10.7.4. A remote attacker can exploit this vulnerability to add ...
CVE-2018-13032
ECESSA ShieldLink SL175EHQ devices running 10.7.4 are affected by a CSRF vulnerability in the cgi-bin/pl_web.cgi/util_configlogin_act endpoint, enabling an attacker to add a superuser account. The issue is documented across multiple sources (NVD/NVDC CNVD) with explicit version 10.7.4 and the ...
CVE-2018-11689
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewerloginpage data3 parameter. The same Web Viewer codebase was transitioned from Samsung to Hanwha...
Intelbras NCLOUD 300 Router Authentication Bypass Vulnerability
The authentication in Intelbras NCLOUD 300 Routers can be bypassed. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
univ-littoral.fr XSS vulnerability
Open Bug Bounty ID: OBB-609821
Description | Value
---|---
Affected Website: | univ-littoral.fr
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Routers2 2.24 - Cross-Site Scripting
Exploit Title: Routers2 2.24 - Reflected Cross-Site Scripting
Date: 18-01-18
Vendor Homepage: http://www.steveshipway.org/software/
Software Link: https://github.com/sshipway/routers2
Version: 2.24
CVE: CVE-2018-6193
Platform: Perl
Category: webapps
Exploit Author: Lorenzo Di Fuccia
Contact:...
pirkanmaanpool.fi XSS vulnerability
Open Bug Bounty ID: OBB-564983
Description | Value
---|---
Affected Website: | pirkanmaanpool.fi
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
CVE-2018-6193
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl...
CVE-2018-5728
CVE-2018-5728 concerns Cobham Sea Tel 121 build 222701 devices. A remote attacker can disclose potentially sensitive information by sending a request to /cgi-bin/getSysStatus, exposing ship latitude/longitude and satellite details. The vulnerability is described as an information disclosure issue...
Innotube ITGuard-Manager cgi-bin/drknow.cgi file remote code execution vulnerability
Innotube ITGuard-Manager is an IT asset management system. A security vulnerability exists in the cgi-bin/drknow.cgi file in Innotube ITGuard-Manager version 0.0.0.1. The vulnerability can be exploited by a remote attacker to execute arbitrary operating system commands via shell metacharacters in...
Design/Logic Flaw
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter...
Multi-Product Anti-Web Remote Command Execution Vulnerability
NetBiter/HMS, etc. are gateway devices made by different companies. Anti-Web is one of the anti-virus components used in them. A security vulnerability exists in the cgi-bin/write.cgi file of Anti-Web 3.8.7 and earlier versions in several products. The vulnerability can be exploited by remote...
Meinberg LANTIME Web Configuration Utility Arbitrary File Read Vulnerability
Meinberg LANTIME is an NTP time server from Meinberg, Germany. Web Configuration Utility is one of the web configuration utilities. A security vulnerability exists in the Web Configuration Utility on Meinberg LANTIME with firmware prior to version 6.24.004. A remote attacker can exploit the...
CVE-2017-17888
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 -- AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary ...
Open redirect
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd...
CVE-2017-17757
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd...
CVE-2017-17757
CVE-2017-17757 affects TP-Link TL-WVR and TL-WAR devices. The vulnerability exists in the uhttpd web interface (admin/wportal) via shell metacharacters in the interface field passed to cgi-bin/luci, related to get_device_byif in /usr/lib/lua/luci/controller/admin/wportal.lua, allowing remote auth...
CVE-2017-17758
CVE-2017-17758 affects TP-Link TL-WVR and TL-WAR devices. A remote authenticated user can execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, tied to zone_get_iface_bydev in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. C...