Lucene search
K

384 matches found

ThreatPost
ThreatPost
added 2018/05/09 8:20 p.m.13 views

Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’

Vulnerabilities found in the Logitech Harmony Hub can give adversaries root access to the device – allowing attackers to control other smart home devices linked to it, such as smart locks and connected surveillance cameras. Researchers at FireEye’s Mandiant Red team identified four vulnerabilitie...

7.6AI score
Exploits0References3
FireEye
FireEye
added 2018/05/04 11:0 a.m.497 views

Rooting a Logitech Harmony Hub: Improving Security in Today's IoT World

Introduction FireEye’s Mandiant Red Team recently discovered vulnerabilities present on the Logitech Harmony Hub Internet of Things IoT device that could potentially be exploited, resulting in root access to the device via SSH. The Harmony Hub is a home control system designed to connect to and...

7.4AI score
Exploits0
OSV
OSV
added 2017/11/10 2:29 a.m.5 views

CVE-2017-16568

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...

5.4CVSS5.8AI score0.01985EPSS
Exploits2References1
OSV
OSV
added 2017/11/10 2:29 a.m.5 views

CVE-2017-16567

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...

5.4CVSS5.9AI score0.02239EPSS
Exploits3References1
NVD
NVD
added 2017/11/10 2:29 a.m.21 views

CVE-2017-16568

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...

5.4CVSS5.3AI score0.01985EPSS
Exploits2References1
NVD
NVD
added 2017/11/10 2:29 a.m.16 views

CVE-2017-16567

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...

5.4CVSS5.3AI score0.02239EPSS
Exploits3References1
Prion
Prion
added 2017/11/10 2:29 a.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."...

3.5CVSS5.3AI score0.02239EPSS
Exploits3References1Affected Software1
Prion
Prion
added 2017/11/10 2:29 a.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL...

3.5CVSS5.3AI score0.01985EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2017/11/10 12:0 a.m.3 views

Logitech Media Server Cross-Site Scripting Vulnerability (CNVD-2017-36360)

Logitech Media Server is an audio playback software from Logitech USA. A cross-site scripting vulnerability exists in Logitech Media Server version 7.9.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

5.4CVSS6.2AI score0.01985EPSS
Exploits2References1
CNVD
CNVD
added 2017/11/10 12:0 a.m.2 views

Logitech Media Server Cross-Site Scripting Vulnerability (CNVD-2017-36361)

Logitech Media Server is an audio playback software from Logitech USA. A cross-site scripting vulnerability exists in Logitech Media Server version 7.9.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the 'favorite' tag...

5.4CVSS6AI score0.02239EPSS
Exploits3References1
Cvelist
Cvelist
added 2017/11/09 7:0 p.m.25 views

CVE-2017-16567

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...

5.3AI score0.02239EPSS
Exploits3References1
Cvelist
Cvelist
added 2017/11/09 7:0 p.m.33 views

CVE-2017-16568

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...

5.3AI score0.01985EPSS
Exploits2References1
CVE
CVE
added 2017/11/09 7:0 p.m.50 views

CVE-2017-16567

CVE-2017-16567 is a stored cross-site scripting vulnerability in Logitech Media Server 7.9.0 affecting the Favorites feature. The issue allows remote attackers to inject and permanently store malicious JavaScript that executes when users access the affected UI, enabling session hijacking, credent...

5.4CVSS5.4AI score0.02239EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2017/11/09 7:0 p.m.56 views

CVE-2017-16568

Logitech Media Server 7.9.0 is affected by a stored XSS via the Radio URL/input in the Radio feature. The vulnerability allows remote attackers to inject JavaScript that is stored on the server and executed when users play the compromised radio stream, leading to potential session hijacking, unau...

5.4CVSS5.2AI score0.01985EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2017/11/09 12:0 a.m.4 views

PT-2017-14452 · Logitech · Logitech Media Server

Name of the Vulnerable Software and Affected Versions: Logitech Media Server version 7.9.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via a radio URL, leading to persistent cross-site scripting XSS attacks. This enables attackers to inject malicious...

5.4CVSS5.7AI score0.01985EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2017/11/09 12:0 a.m.4 views

PT-2017-14451 · Logitech · Logitech Media Server

Name of the Vulnerable Software and Affected Versions: Logitech Media Server version 7.9.0 Description: The issue is related to a Cross-site scripting XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via a favorite. This vulnerability can lead to Session...

5.4CVSS6.2AI score0.02239EPSS
Exploits3References3
Packet Storm
Packet Storm
added 2017/11/07 12:0 a.m.40 views

Logitech Media Server 7.9.0 Cross Site Scripting

Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...

5.9AI score0.02239EPSS
Exploits4
OpenVAS
OpenVAS
added 2017/11/07 12:0 a.m.18 views

Logitech Media Server Multiple Persistent XSS Vulnerabilities

Logitech Media Server is prone to multiple stored cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS5.4AI score0.02239EPSS
Exploits4References2
0day.today
0day.today
added 2017/11/06 12:0 a.m.54 views

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux...

3.5CVSS0.1AI score0.01985EPSS
Exploits2
0day.today
0day.today
added 2017/11/06 12:0 a.m.36 views

Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available...

3.5CVSS6AI score0.02239EPSS
Exploits3
Rows per page
Query Builder