12 matches found
EUVD-2015-3365
Malware in sbrugna...
EUVD-2015-2871
Malware in sbrugna...
HotExBilling Manager Cross-site scripting (XSS) vulnerability
Title: ==== HotExBilling Manager – Cross-site scripting XSS vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-2781 Date: ==== 12-03-2015 dd/mm/yyyy Vendor: ====== Hotspot Express has been in the billing solution business sinc...
Hotspot Express hotEx Billing Manager Cross-Site Scripting Vulnerability
Hotspot Express is a complete WiFi solution from Hotspot Express India that manages and protects wired and wireless networks. hotEx Billing Manager is one of the software solutions that integrates Captive Portal, AAA and Billing for WiFi hotspot management. Hotspot Express hotEx Billing Manager i...
Design/Logic Flaw
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2015-3319
CVE-2015-3319 affects Hotspot Express hotEx Billing Manager version 73. The root cause is absence of the HttpOnly flag in Set-Cookie headers, enabling potential access to cookies via client-side scripts by remote attackers. Multiple sources (NVD entry and CNVD/OpenVAS notes) corroborate this expo...
CVE-2015-3319
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Hotspot Express hotEx Billing Manager cgi-bin/hotspotlogin.cgi Cross-Site Scripting Vulnerability
Hotspot Express hotEx Billing Manager is a billing management system. A cross-site scripting vulnerability in Hotspot Express hotEx Billing Manager cgi-bin/hotspotlogin.cgi allows attackers to submit special reply parameters to inject malicious HTML or scripts and obtain sensitive information...
CVE-2015-2781
Cross-site scripting XSS vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...
CVE-2015-2781
Cross-site scripting XSS vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...
CVE-2015-2781
CVE-2015-2781 describes a cross-site scripting (XSS) vulnerability in Hotspot Express hotEx Billing Manager 73, via the hotspotlogin.cgi parameter reply. A malicious user can inject script into pages viewed by other users; PoC shows script execution (e.g., alert(document.cookie)). The vulnerable ...