1007 matches found

Packet Storm
added 2018/01/28 12:0 a.m. | 26 views

Netis-WF2419 Cross Site Request Forgery

Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Date: 28/01/2018 Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123 Tested on: Windows 10 Technical Details & Descriptio...

7.1 AI score
Exploits: 0

0day.today
added 2018/01/28 12:0 a.m. | 18 views

Netis WF2419 Router - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123 Tested on:...

7.1 AI score
Exploits: 0

Exploit DB
added 2018/01/28 12:0 a.m. | 51 views

Netis WF2419 Router - Cross-Site Request Forgery

Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Date: 28/01/2018 Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123 Tested on: Windows 10 Technical Details & Descriptio...

7.4 AI score
Exploits: 0

Exploit DB
added 2018/01/28 12:0 a.m. | 56 views

Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery

CODE input type="hidden" name="uid" id="uid"...

8.8 CVSS | 9 AI score | 0.00306 EPSS
Exploits: 5

Prion
added 2018/01/04 6:29 a.m. | 8 views

Cross site scripting

In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could...

4.3 CVSS | 6.2 AI score | 0.00177 EPSS
Exploits: 1 | References: 1 | Affected Software: 2

seebug.org
added 2017/12/29 12:0 a.m. | 23 views

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...

6.8 AI score
Exploits: 0

Hacker One
added 2017/12/14 6:47 p.m. | 19 views

X (Formerly Twitter): Persistent DOM-based XSS in https://help.twitter.com via localStorage

Summary: I've found a DOM-based XSS vulnerability in the website help.twitter.com that persists via a localStorage key lastArticleHref. The value of this localStorage key is used to dynamically generate a piece of HTML code without proper encoding or filtering allowing an attacker to inject...

6.3 AI score
Exploits: 0

Packet Storm
added 2017/11/07 12:0 a.m. | 28 views

Logitech Media Server 7.9.0 Cross Site Scripting

Exploit Title: Logitech Media Server : Persistent Cross Site Scripting XSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...

5.9 AI score | 0.00304 EPSS
Exploits: 4

0day.today
added 2017/11/06 12:0 a.m. | 31 views

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux...

3.5 CVSS | 0.1 AI score | 0.00304 EPSS
Exploits: 2

exploitpack
added 2017/11/03 12:0 a.m. | 20 views

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0...

0.5 AI score
Exploits: 0

Exploit DB
added 2017/11/03 12:0 a.m. | 25 views

Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting

Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied For. POC: 1. Access and go to the Radio URL...

7.4 AI score
Exploits: 0

seebug.org
added 2017/10/24 12:0 a.m. | 35 views

Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system...

7.7 AI score
Exploits: 0

Prion
added 2017/10/12 8:29 a.m. | 14 views

Cross site scripting

Cross-Site Scripting XSS was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data in /sources/folders.queries.php. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...

3.5 CVSS | 5.2 AI score | 0.00292 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/09/13 1:50 p.m. | 5 views

SUSE-SU-2017:2453-1 Security update for SUSE Manager Server 3.0

This update for the SUSE Manager Server 3.0 provides several fixes and improvements. The following security issue has been fixed: spacewalk-java: - CVE-2017-7538: Do not allow HTML code injection via Cross Site Scripting XSS in the Organization Name. bsc1048968 Additionally, the following...

5.4 CVSS | 6.7 AI score | 0.00278 EPSS
Exploits: 0 | References: 26

Cvelist
added 2017/09/07 9:0 p.m. | 24 views

CVE-2017-12212

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...

6.1 AI score | 0.00308 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2017/08/10 9:0 p.m. | 10 views

CVE-2017-7737

An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code...

6.6 AI score | 0.00374 EPSS
Exploits: 0 | References: 2

Prion
added 2017/07/17 2:29 p.m. | 11 views

Cross site scripting

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...

3.5 CVSS | 5.4 AI score | 0.00193 EPSS
Exploits: 0 | References: 3 | Affected Software: 3

Cvelist
added 2017/07/17 2:0 p.m. | 15 views

CVE-2017-8005

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...

5.4 AI score | 0.00193 EPSS
Exploits: 0 | References: 3

CVE
added 2017/07/17 2:0 p.m. | 48 views

CVE-2017-8005

The CVE-2017-8005 entry affects EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA Identity Management and Governance (IMG). Affected are RSA Identity Governance and Lifecycle versions 7.0.1 and 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7...

5.4 CVSS | 5.3 AI score | 0.00193 EPSS
Exploits: 0 | References: 3 | Affected Software: 3

OpenVAS
added 2017/06/21 12:0 a.m. | 23 views

Open-Xchange (OX) App Suite Multiple Cross Site Scripting Vulnerabilities (Jun 2017)

Open-Xchange OX App Suite is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Thi...

6.1 CVSS | 6.3 AI score | 0.00292 EPSS
Exploits: 0 | References: 2