24 matches found
CVE-2024-4105
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...
CVE-2024-4105
CVE-2024-4105 affects Yokogawa FAST/TOOLS and CI Server. The issue is a reflected XSS in the WEB HMI server when processing HTTP requests, which could allow a malicious script to execute in a client browser. Affected products/versions: FAST/TOOLS RVSVRN/UNSVRN/HMIWEB/FTEES/HMIMOB (R9.01–R10.04) a...
Robustel R1510 web_server /action/import_authorized_keys/ OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1578 Robustel R1510 webserver /action/importauthorizedkeys/ OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-34850 SUMMARY An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of...
TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1503 TCL LinkHub Mesh Wifi confctlgetguestwlan information disclosure vulnerability August 1, 2022 CVE Number CVE-2022-27633 SUMMARY An information disclosure vulnerability exists in the confctlgetguestwlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014...
CVE-2020-15537
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box...
WAGO e!COCKPIT Firmware Downgrade Vulnerability
Summary An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version...
TP-Link TL-R600VPN HTTP server ping address remote code execution vulnerability
Summary An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to...
concordtoys.net XSS vulnerability
Open Bug Bounty ID: OBB-619763 Description| Value ---|--- Affected Website:| concordtoys.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Natus Xltek EEG NeuroWorks SavePatientMontage Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. Teste...
Lexmark Perceptive Document Filters XLS ShapeHLink Information Disclosure Vulnerability(CVE-2017-2806)
Summary An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400 Tested...
Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability(CVE-2017-2821)
Summary An exploitable use-after-free exists in the PDF parsing functionality of the Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. Tested Versions Lexmark Perceptive Document Filters...
truck.uapac.com XSS vulnerability
Vulnerable URL: http://truck.uapac.com/product?cid=1"...
dancefavourite.com XSS vulnerability
Vulnerable URL: http://www.dancefavourite.com/Product.asp?small=1/-///'/"//--...
greenpatio.com XSS vulnerability
Vulnerable URL: http://www.greenpatio.com/cgi-bin/store/agora.cgi?product=Groundcover=...
thebridgehk.com XSS vulnerability
Vulnerable URL: http://thebridgehk.com/ein/Product.asp?men=480=1=1/-///'/"//--...
geminijets.com XSS vulnerability
Vulnerable URL: http://www.geminijets.com/database/index.php?rproduct=1/-///'/"//--...
Joomla DT Register SQL Injection
Title: SQL injection in Joomla extension DT Register Credit: Elar Lang / https://security.elarlang.eu Vulnerability: SQL injection Vulnerable version: before 3.1.12 Joomla 3.x / 2.8.18 Joomla 2.5 CVE: pending Full Disclosure URL:...
Joomla! Component DT Register - 'cat' SQL Injection
Title: SQL injection in Joomla extension DT Register Credit: Elar Lang / https://security.elarlang.eu Vulnerability: SQL injection Vulnerable version: before 3.1.12 Joomla 3.x / 2.8.18 Joomla 2.5 CVE: pending Full Disclosure URL:...
TP-Link Archer CR-700 - Cross-Site Scripting
Exploit Title: TP-Link Archer CR-700 XSS vulnerability Google Dork: N/A Date: 09/07/2016 Exploit Author: Ayushman Dutta Vendor Homepage: http://www.tp-link.us/ Software Link: N/A Version: 1.0.6 REQUIRED Tested on: Linux CVE : N/A Exploit Information:...
TP-Link Archer CR-700 - Cross-Site Scripting
TP-Link Archer CR-700 - Cross-Site Scripting Exploit Title: TP-Link Archer CR-700 XSS vulnerability Google Dork: N/A Date: 09/07/2016 Exploit Author: Ayushman Dutta Vendor Homepage: http://www.tp-link.us/ Software Link: N/A Version: 1.0.6 REQUIRED Tested on: Linux CVE : N/A Exploit Information:...