4 matches found
EUVD-2018-19352
Malware in sbrugna...
Code injection
Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...
CVE-2018-7632
CVE-2018-7632 concerns the httpd component of EpiCentro firmware (E_7.3.2+). The vulnerability is a buffer overflow triggered by a remote attacker sending a specially crafted GET request whose URL begins with a leading â/â. The consequence documented is a denial of service. Exploitation details, ...
CVE-2018-7633
The CVE-2018-7633 entry concerns Epicentro firmware (E_7.3.2+) where the /ui/login form Language parameter is vulnerable to code injection. The issue allows an attacker to cause JavaScript execution by directing a user to submit a tampered POST request, indicating an input handling flaw in the lo...