16 matches found
EUVD-2020-19271
Malware in sbrugna...
CVE-2020-26733
Cross Site Scripting XSS in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section...
Skyworth Gn542vf Information Disclosure Vulnerability
Skyworth Gn542vf is an Internet TV device from Skyworth, a Chinese company. A security vulnerability exists in Skyworth GN542VF Boa version 0.94.13, which can be exploited by an attacker to capture session cookies...
CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2020-26733
Cross Site Scripting XSS in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section...
CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2020-26733
Cross Site Scripting XSS in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section...
Cross site scripting
Cross Site Scripting XSS in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section...
Session fixation
SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2020-26733
Cross Site Scripting XSS in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section...
CVE-2020-26733
CVE-2020-26733: XSS in the Configuration page of SKYWORTH GN542VF (HW 2.0 / SW 2.0.0.16). The vulnerability resides in the DDNS Configuration section, allowing an authenticated attacker to inject script via that page. Documented impact is Cross Site Scripting with partial integrity impact and low...
Skyworth Gn542vf Cross-Site Scripting Vulnerability
The Skyworth Gn542vf is an Internet TV device from Skyworth, a Chinese company. The Skyworth Gn542vf Hardware Version 2.0 and Software Version 2.0.0.16 suffers from a cross-site scripting vulnerability that can be exploited by an authenticated attacker to inject their own scripts into a page via...
Skyworth Gn542vf 安全漏洞
Skyworth Gn542vf is an Internet TV device from Skyworth, a Chinese company. A security vulnerability exists in Skyworth GN542VF Boa version 0.94.13, which can be exploited by an attacker to capture session cookies...
CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...
CVE-2020-26732
The CVE affects SKYWORTH GN542VF devices: Hardware Version 2.0 and Software Version 2.0.0.16 have session cookies that do not set the Secure flag in HTTPS, enabling potential cookie capture over HTTP sessions. Related entries also mention Boa version 0.94.13. The impact is confidentiality loss if...
CVE-2020-26732
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session...