5908 matches found
Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-0...
CVE-2017-7529
A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory b...
Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Sarix Enhanced - Model: IME219 Firmware: 2.1.2.0.8280-A0.0 Sarix Enhanced - Model: IME119 Firmware: 2.1.2.0.8280-A0.0 Sarix - Model:...
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access Vulnerability
Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileg...
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...
Starbucks: Possible SOP bypass in www.starbucks.com due to insecure crossdomain.xml
Hello. I was penetration testing your website, and noticed that your crossdomain.xml file allowed many sites access. I went through and, for all the sites that had .website.com with them, I scanned them for subdomains. I found that a subdomain for ███████.com a site in your crossdomain.xml as...
CVE-2017-2827
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...
BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities
Binary data 700143.prm...
Security vulnerabilities fixed in Firefox 54 — Mozilla
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...
Arbitrary Outbound HTTP Requests
Moodle is susceptible to arbitrary outbound HTTP requests. classes/GoogleSpell.php fails to sanitize the control characters from the $lang and $str strings. classes/GoogleSpell.php is used in the PHP Spellchecker aka Google Spellchecker addon for TinyMCE which is used within Moodle...
Splunk Enterprise alerts alerts_id Server-Side Request Forgery
A sever-side request forgery vulnerability exists in the alerts web interface of Splunk Enterprise. The vulnerability is due to a lack of validation on the alertsid parameter in HTTP requests sent to the alerts page. A remote, unauthenticated attacker can exploit this vulnerability by enticing an...
XML External Entity (XXE)
Zend Framework ZF1 is vulnerable to XML External Entity XXE attacks. Using these attacks, it is possible to read files, send HTTP requests to intranet servers and cause denial of service DoS conditions though CPU and memory consumption...
CVE-2017-6643
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensiti...
Design/Logic Flaw
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensiti...
CVE-2017-6644
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
Design/Logic Flaw
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
CVE-2017-6646
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
Design/Logic Flaw
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when...
Design/Logic Flaw
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive...