CVE-2020-11682

Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request...

Cross site request forgery (csrf)

Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request...

Huawei B315s-22 - Information Leak Vulnerability

Exploit for hardware platform in category web applications Product Family: LTE Model B315s – 22 Firmware version: 21.318.01.00.26 Author: Usman Saeed usman at xc0re.net 1. Unauthenticated access to sensitive files: It was observed that the web application running on the router, allows...

DNN (DotNetNuke) < 8.0.1 Multiple Vulnerabilities

The version of DNN Platform formerly DotNetNuke running on the remote host is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists due to improper validation of input to the 'returnurl' query string parameter before returning it to users. A remote attacker can...