EUVD-2021-26710

Malware in sbrugna...

CVE-2021-3380

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

CVE-2019-17667

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...

h8-b7.powerweb.de Cross Site Scripting vulnerability OBB-3462585

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-3380

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

Design/Logic Flaw

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

CVE-2021-3380

CVE-2021-3380 is an IDOR vulnerability in the ICREM H8 SSRMS Print Invoice functionality. The root cause is insecure direct object reference, allowing disclosure of sensitive information. The description is confirmed across multiple sources (NVD, RH, CVE list, CNNVD). No concrete patch/version re...

CVE-2021-3380

Insecure direct object reference IDOR vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality...

CVE-2019-17667

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...

CVE-2019-17667

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...

Cross site scripting

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...

CVE-2019-17667

Summary of CVE-2019-17667 : Affected product is the Comtech H8 Heights Remote Gateway, version 2.5.1. The cited issue is an XSS/HTML injection vulnerability exposed through the SiteName field. The connected PT-2019-15246 entry confirms the affected software/versions and provides a concrete remedi...

CVE-2019-17667

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name aka SiteName field...

PT-2019-15246

Name of the Vulnerable Software and Affected Versions Comtech H8 Heights Remote Gateway version 2.5.1 Description The issue allows for XSS and HTML injection attacks through the SiteName field. Recommendations For Comtech H8 Heights Remote Gateway version 2.5.1, avoid using the SiteName field unt...

CVE-2016-10225

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxidebug/sunxidebug...

Code injection

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxidebug/sunxidebug...

CVE-2016-10225

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending “rootmydevice” to /proc/sunxidebug/sunxidebug. Recent assessments: h00die at March 24, 2020 11:24pm UTC reported: This vulnerability is unbelievably easy to...

Allwinner 3.4 Legacy Kernel Local Privilege Escalation

Exploit for hardware platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule "Allwinner 3.4 Legacy Kernel Local Privilege Escalation", "Description...