5908 matches found

0day.today
added 2017/07/14 12:0 a.m., 50 views

Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-0...

AI score: 0.3
Exploits: 0

RedhatCVE
added 2017/07/12 5:50 a.m., 109 views

CVE-2017-7529

A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory b...

CVSS: 7.5 | AI score: 1.3 | EPSS: 0.62597
Exploits: 6 | References: 2

Zero Science Lab
added 2017/07/12 12:0 a.m., 76 views

Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

AI score: 5.8
Exploits: 0

Packet Storm
added 2017/07/11 12:0 a.m., 69 views

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model: IME119 Firmware: 2.1.2.0.8280-A0.0 Sarix - Model:...

AI score: 0.8
Exploits: 0

0day.today
added 2017/07/11 12:0 a.m., 51 views

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access Vulnerability

Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileg...

AI score: 6.9
Exploits: 0

Zero Science Lab
added 2017/07/10 12:0 a.m., 199 views

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

AI score: 5.8
Exploits: 0

Hacker One
added 2017/06/29 8:5 p.m., 52 views

Starbucks: Possible SOP bypass in www.starbucks.com due to insecure crossdomain.xml

Hello. I was penetration testing your website, and noticed that your crossdomain.xml file allowed many sites access. I went through and, for all the sites that had .website.com with them, I scanned them for subdomains. I found that a subdomain for ███████.com a site in your crossdomain.xml as...

AI score: 0.3
Exploits: 0

OSV
added 2017/06/21 1:29 p.m., 4 views

CVE-2017-2827

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.07802
Exploits: 2 | References: 2

Tenable Nessus
added 2017/06/21 12:0 a.m., 20 views

BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities

Binary data 700143.prm...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.01988
Exploits: 6 | References: 7

Mozilla
added 2017/06/13 12:0 a.m., 541 views

Security vulnerabilities fixed in Firefox 54 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

CVSS: 9.8 | AI score: 0.7 | EPSS: 0.02869
Exploits: 3 | References: 32 | Affected Software: 1

Veracode
added 2017/06/07 6:38 a.m., 19 views

Arbitrary Outbound HTTP Requests

Moodle is susceptible to arbitrary outbound HTTP requests. classes/GoogleSpell.php fails to sanitize the control characters from the $lang and $str strings. classes/GoogleSpell.php is used in the PHP Spellchecker aka Google Spellchecker addon for TinyMCE which is used within Moodle...

CVSS: 5 | AI score: 6.3 | EPSS: 0.02288
Exploits: 0 | References: 8 | Affected Software: 1

Check Point Advisories
added 2017/06/07 12:0 a.m., 1 views

Splunk Enterprise alerts alerts_id Server-Side Request Forgery

A server-side request forgery vulnerability exists in the alerts web interface of Splunk Enterprise. The vulnerability is due to a lack of validation on the alertsid parameter in HTTP requests sent to the alerts page. A remote, unauthenticated attacker can exploit this vulnerability by enticing an...

AI score: 1.5
Exploits: 0

Veracode
added 2017/06/02 6:2 a.m., 29 views

XML External Entity (XXE)

Zend Framework (ZF1) is vulnerable to XML External Entity (XXE) attacks. Using these attacks, it is possible to read files, send HTTP requests to intranet servers and cause denial of service (DoS) conditions through CPU and memory consumption...

CVSS: 5 | AI score: 9 | EPSS: 0.01705
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2017/05/22 1:29 a.m., 13 views

CVE-2017-6643

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensiti...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.02663
Exploits: 0 | References: 2

Prion
added 2017/05/22 1:29 a.m., 12 views

Design/Logic Flaw

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensiti...

CVSS: 5 | AI score: 5.2 | EPSS: 0.02663
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/05/22 1:29 a.m., 12 views

CVE-2017-6644

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.02663
Exploits: 0 | References: 2

Prion
added 2017/05/22 1:29 a.m., 13 views

Design/Logic Flaw

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...

CVSS: 5 | AI score: 5.2 | EPSS: 0.02663
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/05/22 1:29 a.m., 16 views

CVE-2017-6646

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.02663
Exploits: 0 | References: 2

Prion
added 2017/05/22 1:29 a.m., 10 views

Design/Logic Flaw

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...

CVSS: 5 | AI score: 5.2 | EPSS: 0.02663
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/05/22 1:29 a.m., 15 views

Design/Logic Flaw

A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive...

CVSS: 5 | AI score: 5.2 | EPSS: 0.02663
Exploits: 0 | References: 2 | Affected Software: 1