330 matches found
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Date: 2019-11-10 Exploit Author: Raspina Net Pars Group Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb Version: 1.93.21.19 CVE : CVE-2019-18859 PoC GET...
CVE-2019-18859
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page...
CVE-2019-18859
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page...
Design/Logic Flaw
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page...
CVE-2019-18859
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page...
CVE-2019-18859
Digi AnywhereUSB 14 is affected by a Cross-Site Scripting (XSS) vulnerability triggered via a crafted link to the Digi Page. Public details across multiple sources (CNVD-2020-02220, Packet Storm, Exploit-DB, PT-2020-9993) confirm this issue and describe the affected product as Digi AnywhereUSB 14...
PT-2020-9993 · Digi · Digi Anywhereusb
Name of the Vulnerable Software and Affected Versions: Digi AnywhereUSB version 14 Description: The issue allows for cross-site scripting XSS via a link for the Digi Page. Recommendations: For Digi AnywhereUSB version 14, update to a version that includes a fix for this issue, or as a temporary...
Denial of Service Vulnerability in DIGI PortServer TS 1 TCP Protocol
The PortServer TS series of terminal servers provide simple, reliable and cost-effective serial connections to the network. A denial of service vulnerability exists in the DIGI PortServer TS 1 TCP protocol. An attacker could exploit the vulnerability to launch a denial of service attack...
CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...
CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...
Input validation
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root...
CVE-2018-20162
CVE-2018-20162 concerns Digi TransPort LR54 (firmware 4.4.0.26 and possibly earlier) where an Improper Input Validation vulnerability in the restricted shell allows a user with super CLI access to bypass the shell restrictions and execute arbitrary commands as root. Connected sources describe the...
Digi TransPort LR54 Restricted Shell Escape
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape =========================================================== The Digi TransPort LR54 is a high speed LTE router commonly used by industry, infrastructure, retail and public transportation. I...
Digi TransPort LR54 Restricted Shell Escape Vulnerability
Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell. CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape =========================================================== The Digi TransPort LR54 is a high speed LTE router commonly used by industry,...
digi-sign.nl XSS vulnerability
Open Bug Bounty ID: OBB-642259 Description| Value ---|--- Affected Website:| digi-sign.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
digi-store.pl XSS vulnerability
Open Bug Bounty ID: OBB-612140 Description| Value ---|--- Affected Website:| digi-store.pl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Panda Driving Letter Android App Has Arbitrary Points Redemption Vulnerability
Panda Driving Letter is a traffic control and travel service software developed by Chengdu Digi Information Technology Co. Panda Driving Letter Android App has an arbitrary points exchange vulnerability. Due to a design flaw in the Panda Driving Letter Android app payment interface, an attacker c...
CVE-2003-0588
admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password...
CVE-2003-0588
CVE-2003-0588 affects Digi-news 1.1. The vulnerability is an authentication bypass in admin.php: a crafted cookie whose username equals the administrator’s name satisfies an improper condition and does not require a correct password. This allows remote attackers to gain admin access without valid...
CVE-2003-0589
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password...