27 matches found
EUVD-2020-30225
Malware in sbrugna...
EUVD-2020-30227
Malware in sbrugna...
EUVD-2020-30226
Malware in sbrugna...
CVE-2020-9405
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page...
CVE-2020-9407
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICEJSONRPCCOOKIE cookie...
CVE-2020-9406
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
IBL Online Weather Cross-Site Scripting Vulnerability
IBL Online Weather is a weather service software from iblsoft. A cross-site scripting vulnerability exists in IBL Online Weather versions prior to 4.3.5a. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerabilit...
IBL Online Weather Information Disclosure Vulnerability
IBL Online Weather is a weather service software from iblsoft. A security vulnerability exists in IBL Online Weather versions prior to 4.3.5a. The vulnerability can be exploited to read the IWEBSERVICEJSONRPCCOOKIE cookie to obtain sensitive information...
CVE-2020-9406
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
CVE-2020-9405
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page...
CVE-2020-9407
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICEJSONRPCCOOKIE cookie...
CVE-2020-9407
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICEJSONRPCCOOKIE cookie...
CVE-2020-9405
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page...
CVE-2020-9406
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
Information disclosure
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICEJSONRPCCOOKIE cookie...
Cross site scripting
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page...
Design/Logic Flaw
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
PT-2020-20638 · Ibl · Ibl Online Weather
Name of the Vulnerable Software and Affected Versions: IBL Online Weather versions prior to 4.3.5a Description: The issue allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. This enables an attacker to inject malicious code without authentication...
CVE-2020-9407
IBL Online Weather prior to version 4.3.5a contains an information-disclosure vulnerability that allows an attacker to read the IWEBSERVICE_JSONRPC_COOKIE cookie and obtain sensitive data. The issue affects the software’s web-facing components and is fixed by upgrading to version 4.3.5a or later....
PT-2020-20639 · Ibl · Ibl Online Weather
Name of the Vulnerable Software and Affected Versions: IBL Online Weather versions prior to 4.3.5a Description: The issue allows attackers to obtain sensitive information by reading the IWEBSERVICE JSONRPC COOKIE cookie. Recommendations: For versions prior to 4.3.5a, update to version 4.3.5a or...