Lucene search
+L

67 matches found

huntr
huntr
added 2021/12/27 2:42 a.m.17 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description The Mobile Options settings does not sanitise and escape the $mboptions'fcmkey' parameter lead to stored XSS Proof of Concept Go to Mobile settings, fill XSS payload into FCM Key field kind of: somekey" Impact XSS can have huge implications for a web application and its users. User...

3.5CVSS0.5AI score0.00531EPSS
Exploits1
nessus
nessus
added 2021/02/02 12:0 a.m.35 views

Cisco FXOS Software Firepower Chassis Manager XSRF (cisco-sa-fxosfcm-csrf-uhO4e5BZ)

According to its self-reported version, Cisco Firepower Extensible Operating System FXOS is affected by a cross-site request forgery vulnerability. The vulnerability is due to insufficient CSRF protections for the FCM interface. An unauthenticated, remote attacker can exploit this vulnerability b...

8.8CVSS8.1AI score0.0055EPSS
Exploits0References4
hackerone
hackerone
added 2020/02/05 3:58 p.m.23 views

Smule: [com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app

Potential FCM issues across several apps investigated and remediated. Reference to Research: https://twitter.com/absshax/status/1295383047295008768?s=19...

1AI score
Exploits0
cnvd
cnvd
added 2019/07/09 12:0 a.m.2 views

Dynacolor FCM-MB40 Trust Management Issues Vulnerability

Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan, China. A trust management issue vulnerability exists in the Dynacolor FCM-MB40 v1.2.0.0. The vulnerability stems from the lack of an effective trust management mechanism in the network system or product. An attacker can exploit default...

5.9CVSS6.9AI score0.01137EPSS
Exploits1References1
cnvd
cnvd
added 2019/07/09 12:0 a.m.5 views

Dynacolor FCM-MB40 Cross-Site Request Forgery Vulnerability

Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan, China. A cross-site request forgery vulnerability exists in scripts under cgi-bin/ in the Dynacolor FCM-MB40 v1.2.0.0, which arises from a network system or product that does not adequately verify the origin or authenticity of data, and c...

8.8CVSS6.8AI score0.00636EPSS
Exploits1References1
cnvd
cnvd
added 2019/07/09 12:0 a.m.4 views

Dynacolor FCM-MB40 Command Injection Vulnerability

Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan, China. A security vulnerability exists in the Dynacolor FCM-MB40 v1.2.0.0. A remote attacker can exploit the vulnerability to execute arbitrary code with the help of specially crafted parameters...

9CVSS7.9AI score0.04149EPSS
Exploits1References1
nvd
nvd
added 2019/07/08 1:15 a.m.21 views

CVE-2019-13401

Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/...

8.8CVSS8.8AI score0.00636EPSS
Exploits1References1
nvd
nvd
added 2019/07/08 1:15 a.m.23 views

CVE-2019-13402

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset...

8.8CVSS8.9AI score0.01521EPSS
Exploits1References1
nvd
nvd
added 2019/07/08 1:15 a.m.24 views

CVE-2019-13400

Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info...

9.8CVSS9.4AI score0.01644EPSS
Exploits1References1
osv
osv
added 2019/07/08 1:15 a.m.5 views

CVE-2019-13402

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset...

8.8CVSS7.3AI score0.01521EPSS
Exploits1References1
osv
osv
added 2019/07/08 1:15 a.m.8 views

CVE-2019-13401

Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/...

8.8CVSS7.3AI score0.00636EPSS
Exploits1References1
nvd
nvd
added 2019/07/08 1:15 a.m.29 views

CVE-2019-13399

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...

5.9CVSS5.8AI score0.01137EPSS
Exploits1References1
osv
osv
added 2019/07/08 1:15 a.m.7 views

CVE-2019-13399

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...

5.9CVSS6.2AI score0.01137EPSS
Exploits1References1
nvd
nvd
added 2019/07/08 1:15 a.m.26 views

CVE-2019-13398

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...

9CVSS7.5AI score0.04149EPSS
Exploits1References1
osv
osv
added 2019/07/08 1:15 a.m.7 views

CVE-2019-13398

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...

7.2CVSS7.3AI score0.04149EPSS
Exploits1References1
prion
prion
added 2019/07/08 1:15 a.m.17 views

Hardcoded credentials

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...

4.3CVSS5.8AI score0.01137EPSS
Exploits1References1Affected Software1
prion
prion
added 2019/07/08 1:15 a.m.17 views

Design/Logic Flaw

Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info...

5CVSS9.3AI score0.01644EPSS
Exploits1References1Affected Software1
prion
prion
added 2019/07/08 1:15 a.m.18 views

Sql injection

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...

9CVSS7.4AI score0.04149EPSS
Exploits1References1Affected Software1
prion
prion
added 2019/07/08 1:15 a.m.13 views

Authorization

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset...

6.5CVSS8.8AI score0.01521EPSS
Exploits1References1Affected Software1
prion
prion
added 2019/07/08 1:15 a.m.17 views

Cross site request forgery (csrf)

Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/...

6.8CVSS8.7AI score0.00636EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder