384 matches found
Bugs in Logitech Harmony Hub Put Connected IoT Devices at ‘High Risk’
Vulnerabilities found in the Logitech Harmony Hub can give adversaries root access to the device – allowing attackers to control other smart home devices linked to it, such as smart locks and connected surveillance cameras. Researchers at FireEye’s Mandiant Red team identified four vulnerabilitie...
Rooting a Logitech Harmony Hub: Improving Security in Today's IoT World
Introduction FireEye’s Mandiant Red Team recently discovered vulnerabilities present on the Logitech Harmony Hub Internet of Things IoT device that could potentially be exploited, resulting in root access to the device via SSH. The Harmony Hub is a home control system designed to connect to and...
CVE-2017-16568
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...
CVE-2017-16567
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...
CVE-2017-16568
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...
CVE-2017-16567
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...
Cross site scripting
Cross-site scripting XSS vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."...
Cross site scripting
Cross-site scripting XSS vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL...
Logitech Media Server Cross-Site Scripting Vulnerability (CNVD-2017-36360)
Logitech Media Server is an audio playback software from Logitech USA. A cross-site scripting vulnerability exists in Logitech Media Server version 7.9.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Logitech Media Server Cross-Site Scripting Vulnerability (CNVD-2017-36361)
Logitech Media Server is an audio playback software from Logitech USA. A cross-site scripting vulnerability exists in Logitech Media Server version 7.9.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the 'favorite' tag...
CVE-2017-16567
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...
CVE-2017-16568
Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...
CVE-2017-16567
CVE-2017-16567 is a stored cross-site scripting vulnerability in Logitech Media Server 7.9.0 affecting the Favorites feature. The issue allows remote attackers to inject and permanently store malicious JavaScript that executes when users access the affected UI, enabling session hijacking, credent...
CVE-2017-16568
Logitech Media Server 7.9.0 is affected by a stored XSS via the Radio URL/input in the Radio feature. The vulnerability allows remote attackers to inject JavaScript that is stored on the server and executed when users play the compromised radio stream, leading to potential session hijacking, unau...
PT-2017-14452 · Logitech · Logitech Media Server
Name of the Vulnerable Software and Affected Versions: Logitech Media Server version 7.9.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via a radio URL, leading to persistent cross-site scripting XSS attacks. This enables attackers to inject malicious...
PT-2017-14451 · Logitech · Logitech Media Server
Name of the Vulnerable Software and Affected Versions: Logitech Media Server version 7.9.0 Description: The issue is related to a Cross-site scripting XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via a favorite. This vulnerability can lead to Session...
Logitech Media Server 7.9.0 Cross Site Scripting
Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...
Logitech Media Server Multiple Persistent XSS Vulnerabilities
Logitech Media Server is prone to multiple stored cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux...
Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available...