MAL-2025-48448 Malicious code in isg-iwp-web-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd99ea1f73a0a8a60395dd908d6a970f8ab7861bec1eb627b70023c9716185ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-34855

Malicious code in isg-iwp-web-client npm...

EUVD-2018-11214

Malware in sbrugna...

isg-korea.com Cross Site Scripting vulnerability OBB-3393601

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

library.iucn-isg.org Cross Site Scripting vulnerability OBB-3236209

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Weak Password Vulnerability in RG-UAC 6000-ISG Video Access Security Gateway

RG-UAC 6000-ISG series video surveillance security gateway is a video surveillance network security reinforcement product independently developed by Ruijie Networks. The RG-UAC 6000-ISG video access security gateway has a weak password vulnerability, which can be exploited by attackers to obtain...

Weak Password Vulnerability in RG-ISG of Ruijie Networks Co.

Ruijie Networks is a specialized network vendor with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more. A weak password vulnerability exists in the RG-ISG of Ruijie Networks Corporation,...

Information Disclosure Vulnerability in RG-ISG of Riptide Networks Inc.

Ruijie Networks is a specialized network vendor with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and more. An information disclosure vulnerability exists in RG-ISG of Ruijie Networks...

OpenSSL Vulnerabilities Sep 2020 - Feb 2021

Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A remote attacker may be able to decrypt encrypted communication from an SSL/TLS connection, downgrade a newly established SSL/TLS connection to SSLv2,...

CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

CVE-2018-19525

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of csrf token validation...

CVE-2018-19525

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of csrf token validation...

Cross site request forgery (csrf)

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of csrf token validation...

CVE-2019-7383

CVE-2019-7383 affects Systrome Cumilon ISG-600C, ISG-600H and ISG-800W with firmware V1.1-R2.1_TRUNK-20181105.bin. The issue is a shell command injection in network/isp/isp_update_edit.php caused by improper validation of the des parameter, enabling arbitrary commands when the ISP file descriptio...

CVE-2018-19525

An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of csrf token validation...

CVE-2018-19525

CVE-2018-19525 affects Systrome ISG-600C, ISG-600H, and ISG-800W devices running 1.1-R2.1_TRUNK-20180914.bin. Described as a CSRF vulnerability due to missing CSRF token validation on endpoints /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave, resulting in XSS. The connected Red Hat/NVD/PR...

SYSTORME ISG Cross Site Request Forgery Vulnerability

Exploit for multiple platform in category web applications SYSTORME ISG Cross Site Request Forgery Vulnerability ===================================================== Authenticated XSRF leads to complete Account Takeover ===================================================== . contents:: Table Of...

SYSTORME ISG Command Injection Vulnerability

SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from an authenticated command injection vulnerability. SYSTORME ISG Command Injection Vulnerability ===================================== Authenticated Shell Command Injection ===================================== . contents:: Table Of...

SYSTORME ISG Cross Site Request Forgery

===================================================== Authenticated XSRF leads to complete Account Takeover ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated XSRF leads to complete account takeover in all SYSTORME ISG...

SYSTORME ISG Command Injection

===================================== Authenticated Shell Command Injection ===================================== . contents:: Table Of Content Overview ======== Title : Authenticated Shell command Injection Author: Kaustubh G. Padwad CVE ID: CVE-2019-7383 Vendor: Systrome Networks...