CVE-2017-18484
Cognitoys Dino devices allow XSS via the SSID...
CVE-2017-18485
Cognitoys Dino devices allow profiles_add.html CSRF...
EUVD-2017-17809
Malware in sbrugna...
EUVD-2017-17807
Malware in sbrugna...
EUVD-2017-9600
Malware in sbrugna...
EUVD-2017-9601
Malware in sbrugna...
Crunchbase Cognitoys Dino Cross-Site Request Forgery Vulnerability
Crunchbase Cognitoys Dino is a children's cognitive electronic learning toy from Crunchbase USA. A cross-site request forgery vulnerability exists in the Crunchbase Cognitoys Dino device. The vulnerability stems from the web application not adequately verifying that a request is from a trusted...
Crunchbase Cognitoys Dino Cross-Site Scripting Vulnerability
Crunchbase Cognitoys Dino is a children's cognitive electronic learning toy from Crunchbase USA. A cross-site scripting vulnerability exists in Crunchbase Cognitoys Dino. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit...
Command injection
Cognitoys Dino devices allow XSS via the SSID...
Cross site request forgery (csrf)
Cognitoys Dino devices allow profiles_add.html CSRF...
CVE-2017-18484
Cognitoys Dino devices are affected by CVE-2017-18484, a cross-site scripting (XSS) vulnerability that can be triggered via the SSID. Red Hat/CNVD entries attribute the issue to a lack of proper validation of client-side data by the web application, enabling an attacker to execute client-side code...
CVE-2017-18485
CVE-2017-18485 affects Cognitoys Dino devices. The connected records describe a cross-site request forgery (CSRF) in the device’s web UI (notably in profiles_add.html). The CNVD entry states the vulnerability stems from the web application not adequately verifying that a request comes from a trus...
Elemental Path's CogniToys Dino Information Disclosure Vulnerability
Elemental Path's CogniToys Dino is a smart toy from Elemental Path in the United States that is capable of voice communication with children. An information disclosure vulnerability exists in the Elemental Path CogniToys Dino using firmware version 0.0.794 and earlier. An attacker could use thi...
Elemental Path's CogniToys Dino Information Disclosure Vulnerability (CNVD-2018-00676)
Elemental Path's CogniToys Dino is a smart toy from Elemental Path in the United States that is capable of voice communication with children. Elemental Path's CogniToys Dino using firmware version 0.0.794 and earlier suffers from a security vulnerability that stems from the program's use of a...
Elemental Path's CogniToys Dino Information Disclosure Vulnerability (CNVD-2018-00677)
Elemental Path's CogniToys Dino is a smart toy from Elemental Path, USA that is capable of voice communication with children. An information disclosure vulnerability exists in Elemental Path's CogniToys Dino using firmware version 0.0.794 and earlier, which stems from the program's use of AES-1...
Path traversal
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device...