Lucene search
+L

7 matches found

Check Point Advisories
Check Point Advisories
added 2020/11/25 12:0 a.m.93 views

RAD SecFlow-1v Cross Site Request Forgery (CVE-2020-13259)

A cross site request forgery vulnerability exists in RAD SecFlow-1v. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9.3CVSS5.6AI score0.04663EPSS
Exploits6
NVD
NVD
added 2020/09/17 8:15 p.m.62 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

6.1CVSS0.01982EPSS
Exploits5References3
Prion
Prion
added 2020/09/17 8:15 p.m.22 views

Cross site scripting

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

4.3CVSS7AI score0.04663EPSS
Exploits7References3Affected Software1
Cvelist
Cvelist
added 2020/09/17 7:49 p.m.77 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

7AI score0.01982EPSS
Exploits5References3
CVE
CVE
added 2020/09/16 6:27 p.m.89 views

CVE-2020-13259

CVE-2020-13259 affects RAD SecFlow-1v os-image SF_0290_2.3.01.26: a CSRF weakness in the web UI allows an unauthenticated attacker to perform actions via a persuaded user, potentially with the user’s privileges. The CVSSv3.1 base score is 8.8 (HIGH); exploit scenario requires user interaction. Th...

9.3CVSS7.5AI score0.04663EPSS
Exploits6References2Affected Software1
Cvelist
Cvelist
added 2020/09/16 6:27 p.m.61 views

CVE-2020-13259

A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF02902.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on a...

7.7AI score0.04663EPSS
Exploits6References2
Packet Storm
Packet Storm
added 2020/09/14 12:0 a.m.516 views

RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Cross-Site Request Forgery Reboot Date: 2020-08-31 Exploit Author: Uriel Yochpaz and Jonatan Schor Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A...

0.7AI score0.04663EPSS
Exploits7
Rows per page
Query Builder