CVE-2018-12571

uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the origurl parameter, possibly causing a traffic amplification and/or SSRF outcome...

Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction

Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction Vendor Homepage: https://www.microsoft.com/ Version: 2010 CVE : CVE-2018-12571 Proof of Concept 1 Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for...

Cross-site scripting vulnerability in multiple Peplink Balance products (CNVD-2017-09519)

Peplink Balance 305 and others are multi-exit load balancing routers for medium-sized businesses. A cross-site scripting vulnerability exists in various Peplink Balance products using firmware versions prior to fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A remote attacker can exploit...

CVE-2017-8839

CVE-2017-8839 is an XSS vulnerability in Peplink Balance devices (models 305, 380, 580, 710, 1350, 2500) due to injection through the orig_url parameter in guest/preview.cgi. Affected firmware is fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093 (pre-patch); vulnerable firmware include...