29 matches found
EUVD-2018-12890
Malware in sbrugna...
EUVD-2021-24586
Malware in sbrugna...
EUVD-2017-18268
Malware in sbrugna...
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif aka e2openplugin-OpenWebif through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor i.e., bouqueteditor/api/addbouquet?name= leads to Stored XSS...
SUSE CVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger...
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif aka e2openplugin-OpenWebif through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor i.e., bouqueteditor/api/addbouquet?name= leads to Stored XSS...
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif aka e2openplugin-OpenWebif through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor i.e., bouqueteditor/api/addbouquet?name= leads to Stored XSS...
Cross site scripting
In addBouquet in js/bqe.js in OpenWebif aka e2openplugin-OpenWebif through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor i.e., bouqueteditor/api/addbouquet?name= leads to Stored XSS...
CVE-2021-38113
In addBouquet in js/bqe.js in OpenWebif aka e2openplugin-OpenWebif through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor i.e., bouqueteditor/api/addbouquet?name= leads to Stored XSS...
CVE-2021-38113
OpenWebif (aka e2openplugin-OpenWebif)
e2openplugin-OpenWebif Cross-Site Scripting Vulnerability
OpenWebif is an open source web interface for Enigma2 based set-top boxes. A cross-site scripting vulnerability exists in e2openplugin-OpenWebif versions prior to 1.4.7, which originates from the addBouquet module in js/bqe.js, where insertion of JavaScript into the Bouquet Editor's Add Bouquet...
Code injection
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...
CVE-2018-20332
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...
CVE-2018-20332
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...
CVE-2018-20332
CVE-2018-20332 affects the OpenWebif plugin (versions up to 1.2.4) on Enigma2-based devices. The issue enables reading of arbitrary files and listing of arbitrary directories via /file?action=download&file=... and /file?action=download&dir=..., related to plugin/controllers/file.py in the e2openp...
CVE-2018-20332
An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...
e2openplugin OpenWebif 1.2.4 Code Execution
Hello all, e2openplugin-OpenWebif is an open source web interface plugin for IP TVs and media centers. It is found in several IP TV software images and hardware products including the commercial Dreambox devices. A remote code injection vulnerability was found in the "key" HTTP GET parameter of t...
OpenWebif 'CallOPKG' Function Remote Command Execution Vulnerability
OpenWebif is an open source web interface plug-in for Linux-based set-top boxes. A security vulnerability exists in OpenWebif version 1.2.5, which originates from the failure of the 'CallOPKG' function of the IpkgController class in the plugin/controllers/ipkg.py file to restrict or correctly...
CVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger...
CVE-2017-9333
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger...