108 matches found
CVE-2017-17463
CVE-2017-17463 affects Vivo modems. The vulnerability allows remote attackers to disclose sensitive information by reading the index.cgi?page=wifi HTML source code, with examples including ssid and psk_wepkey fields. Exploitation status, affected models/versions, root cause specifics, and remedia...
Barracuda Networks Web Application Firewall 660 HTML Injection Vulnerability
Barracuda Networks Web Application Firewall 660 is a web application firewall from Barracuda Networks. An HTML injection vulnerability exists in the cgi-mod/index.cgi file in the Barracuda Networks Web Application Firewall 660. When a user browses the affected site, their browser will execute...
Cosmoshop 'index.cgi' Cross-Site Scripting Vulnerability
Cosmoshop is an online store application. A cross-site scripting vulnerability exists in Cosmoshop 'index.cgi', which can be exploited by remote attackers to construct malicious URIs that can be tricked into being parsed by the user, which can be used to obtain sensitive cookies, hijack sessions,...
CVE-2015-1444
Multiple cross-site scripting XSS vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the 1 conntrack.cgi, 2 index.cgi, 3 logsyslog.cgi, 4 problems.cgi, 5...
Cross site scripting
Cross-site scripting XSS vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi when resconfigid is set to 41...
CVE-2014-10026
The CVE-2014-10026 issue affects D-Link DAP-1360 devices running firmware 2.5.4 and earlier. The vulnerability arises in index.cgi where a remote attacker can bypass authentication by setting the client_login cookie to admin, allowing access to sensitive information. Impact is exposure of confide...
CVE-2014-10028
Cross-site scripting XSS vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi when resconfigid is set to 41...
PT-2015-3671 · D Link · D-Link Dap-1360
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 router versions 2.5.4 and earlier Description: The issue allows remote attackers to hijack the authentication of unspecified users for requests, including changing the MAC filter restrict mode, adding a MAC address to the...
PT-2015-3669 · D Link · D-Link Dap-1360
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 versions 2.5.4 and earlier Description: The issue allows remote attackers to hijack the authentication of unspecified users for requests that change various settings, including Enable Wireless, MBSSID, BSSID, Hide Access Point...
Barracuda Spam&Virus FW #39 - CS Cross Site Vulnerability
Document Title: =============== Barracuda Spam&Virus FW 39 - CS Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1118 Barracuda Networks Security ID BNSEC: BNSEC-1052 https://www.barracuda.com/support/knowledgebase/501600000013lYI...
Barracuda Spam&Virus FW #39 - CS Cross Site Vulnerability
Document Title: =============== Barracuda Spam&Virus FW 39 - CS Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1118 Barracuda Networks Security ID BNSEC: BNSEC-1052 https://www.barracuda.com/support/knowledgebase/501600000013lYI...
Web-APP.net WebAPP 0.9.x index.cgi Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17359/info Web-App.Org and Web-App.Net are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
CVE-2014-3761
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
Cross site scripting
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
PT-2014-5486 · D Link · D-Link Dap 1150
Name of the Vulnerable Software and Affected Versions: D-Link DAP 1150 version 1.2.94 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the res buf parameter to "index.cgi" in the Control/URL-filter section. Recommendations: For D-Lin...
CVE-2013-0126
Multiple cross-site request forgery CSRF vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that 1 add administrative accounts via the username and userlevel...
BackupPC < 3.2.1 Multiple XSS Vulnerabilities - Active Check
BackupPC is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
DEBIAN-CVE-2011-4923
Cross-site scripting XSS vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...
CVE-2011-3361
Cross-site scripting XSS vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi...
CVE-2011-3361
Cross-site scripting XSS vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi...