
7647 matches found

0day.today
added 2017/11/06 12:0 a.m., 54 views

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux...

CVSS 3.5, AI score 0.1, EPSS 0.01985
Exploits: 2

0day.today
added 2017/11/06 12:0 a.m., 36 views

Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available...

CVSS 3.5, AI score 6, EPSS 0.02239
Exploits: 3

exploitpack
added 2017/11/03 12:0 a.m., 20 views

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0...

AI score 0.5
Exploits: 0

exploitpack
added 2017/11/03 12:0 a.m., 24 views

Logitech Media Server 7.9.0 - favorites Cross-Site Scripting

Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available...

AI score 0.3
Exploits: 0

Exploit DB
added 2017/11/03 12:0 a.m., 17 views

Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting

Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...

AI score 7
Exploits: 0

Exploit DB
added 2017/11/03 12:0 a.m., 26 views

Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting

Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied For. POC: 1. Access and go to the Radio URL...

AI score 7.4
Exploits: 0

Vulnerability Lab
added 2017/11/01 12:0 a.m., 44 views

TinyWebGallery v2.4 (TWGE) - Persistent XSS Vulnerability

Document Title: =============== TinyWebGallery v2.4 TWGE - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1997 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16635...

CVSS 5.4, AI score 5.8, EPSS 0.0078
Exploits: 2

Prion
added 2017/10/31 7:29 a.m., 7 views

Cross site scripting

D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...

CVSS 4.3, AI score 6.7, EPSS 0.01377
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2017/10/31 7:29 a.m., 2 views

CVE-2016-10699

D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...

CVSS 6.1, AI score 5.8, EPSS 0.01377
Exploits: 1, References: 2

Cvelist
added 2017/10/31 7:0 a.m., 16 views

CVE-2016-10699

D-Link DSL-2740E 1.00BG20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a...

AI score 6.3, EPSS 0.01377
Exploits: 1, References: 2

CVE
added 2017/10/31 7:0 a.m., 69 views

CVE-2016-10699

CVE-2016-10699 affects D-Link DSL-2740E, version 1.00_BG_20150720. The vulnerability is a persistent cross-site scripting (XSS) flaw in the username and password input fields due to lack of input sanitization. A remote unauthenticated user can craft logins and passwords containing script tags, po...

CVSS 6.1, AI score 6.2, EPSS 0.01377
Exploits: 1, References: 2, Affected Software: 1

Talos
added 2017/10/31 12:0 a.m., 201 views

Circle with Disney Rclient SSH Persistent Remote Access Vulnerability

Summary: A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. Tested...

CVSS 8, AI score 7, EPSS 0.00973
Exploits: 2

Vulnerability Lab
added 2017/10/30 12:0 a.m., 79 views

Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability

Document Title: =============== Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636 CVE-ID: ======= CVE-2017-16636 Release...

CVSS 3.5, AI score 5.3, EPSS 0.00608
Exploits: 3

Vulnerability Lab
added 2017/10/30 12:0 a.m., 40 views

Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability

Document Title: =============== Bludit 1.5.2 & 2.0.1 - Filter Bypass & Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2000 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16636 CVE-ID: ======= CVE-2017-16636 Release...

CVSS 5.4, AI score 5.2, EPSS 0.00608
Exploits: 3

Google Chrome Security Advisories
added 2017/10/27 12:0 a.m., 51 views

Stable Channel Update for Chrome OS

The Stable channel has been updated to 62.0.3202.74 Platform version: 9901.54.0/1 for most Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days. New Features Kerberos SSO integration for Active Directory...

CVSS 9.6, AI score 8.4, EPSS 0.02388
Exploits: 0, Affected Software: 1

0day.today
added 2017/10/24 12:0 a.m., 74 views

Cisco Umbrella Virtual Appliance 2.0.3 Undocumented Support Tunnel Vulnerability

Cisco Umbrella Virtual Appliance versions 2.0.3 and below contain an undocumented, auto-initiated reverse SSH tunnel which allows the Cisco Umbrella support team to have persistent and unrestricted access to the virtual appliance. Cisco Umbrella Virtual Appliance - Undocumented Support Tunnel...

CVSS 6, AI score 6.6, EPSS 0.00359
Exploits: 1

Microsoft Malware Protection
added 2017/10/23 1:2 p.m., 75 views

Hardening the system and maintaining integrity with Windows Defender System Guard

One of the things we spend a great deal of time thinking about here at Microsoft is how attackers will attempt to persist and evade detection once they’ve successfully compromised a device. With Windows 10 we’ve made it more difficult to find ways to exploit potential entry points, and it’s clear...

AI score 7.1
Exploits: 0

ThreatPost
added 2017/10/23 1:0 p.m., 12 views

Latest Sofacy Campaign Targeting Security Researchers

Sofacy, the Russian-speaking APT group connected to interference in the 2016 U.S. presidential election, has been targeting researchers, admins and others interested in cybersecurity. Cisco’s security research arm Talos published a report on Sunday describing a campaign linked to Sofacy, also kno...

AI score 0.2
Exploits: 0, References: 2

NVD
added 2017/10/16 4:29 a.m., 17 views

CVE-2017-15375

Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...

CVSS 6.1, AI score 6.5, EPSS 0.00901
Exploits: 3, References: 1

NVD
added 2017/10/16 4:29 a.m., 23 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

CVSS 6.1, AI score 6.4, EPSS 0.04812
Exploits: 7, References: 2