175 matches found
victorsport.com XSS vulnerability
Open Bug Bounty ID: OBB-591840 Description| Value ---|--- Affected Website:| victorsport.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Archon Cross-Site Scripting Vulnerability
Archon is a system of online catalog sites for manuscript collections at the Maine Maritime Museum. A cross-site scripting vulnerability exists in the packages/core/contact.php file in Archon version 3.21 rev-1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HT...
Authentication flaw
registersend.php on D-Link DIR-850L REV. B with firmware through FW208WWb02 devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services...
CVE-2017-14413
D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices have XSS in the action parameter to htdocs/web/wpsacts.php...
CVE-2017-14417
D-Link DIR-850L REV. B devices (firmware up to FW208WWb02) are affected by CVE-2017-14417 due to register_send.php not requiring authentication, enabling unintended enrollment in mydlink Cloud Services. Root cause: missing auth on register_send.php. Impact: potential attacker could gain access or...
CVE-2017-14415
Summary of CVE-2017-14415 : A cross-site scripting (XSS) vulnerability exists in D-Link DIR-850L REV. A devices (firmware up to FW114WWb07_h2ab_beta1) in the action parameter of htdocs/web/sitesurvey.php. The root cause is unsanitized input for the action parameter, enabling an attacker to inject...
CVE-2017-14423
CVE-2017-14423 affects D-Link DIR-850L REV. A devices (firmware FW114WWb07_h2ab_beta1 and earlier). The vulnerability resides in the htdocs/parentalcontrols/bind.php file, where unauthenticated nonce-guessing could allow remote attackers to change DNS configuration by sending a sequence of reques...
PT-2017-13467 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 Description: The issue allows remote attackers to change the DNS configuration via a series of requests, due to the failure to prevent unauthenticated nonce-guessing attacks in the...
PT-2017-13466 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the use of a hardcoded private key in the /etc/stunnel.key file across different installations,...
D-Link 850L Firmware B1 Admin Password Disclosure Vulnerability - Active Check
D-Link 850L Firmware B1 is vulnerable to an admin password disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
PT-2017-2899 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue is related to a hardcoded password for the Alphanetworks account, which is set to wrgac25 dlink.2013gui dir850l upon device reset. This allows remote attackers to obtai...
CVE-2016-10405
Session fixation vulnerability in D-Link DIR-600L routers rev. Ax with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2017-12943
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/showinfo.php?REQUIREFILE= absolute path traversal attack, as demonstrated by discovering the admin password...
CVE-2017-12943
CVE-2017-12943 affects D-Link DIR-600 Rev Bx devices with v2.x firmware. The vulnerability is an absolute path traversal in the endpoint model/__show_info.php?REQUIRE_FILE= which allows remote attackers to read passwords (admin credentials) from the device. Public mention in multiple sources (Exp...
PT-2017-12787 · D Link · Dir-600M
Name of the Vulnerable Software and Affected Versions: D-Link DIR-600 Rev Bx versions 2.x Description: The issue allows remote attackers to read passwords via an absolute path traversal attack using the "model/ show info.php?REQUIRE FILE=" endpoint. This can be exploited to discover the admin...
Sitecore CRM Code Execution Vulnerability
Sitecore CRM is a suite of customer relationship management solutions from Sitecore Denmark. A code execution vulnerability exists in the Package Manager in Sitecore CRM version 8.1 Rev 151207. A remote attacker can exploit this vulnerability by creating a ZIP archive file to execute arbitrary AS...
CVE-2017-5874
CVE-2017-5874 affects D-Link DIR-600M Rev. Cx before v3.05ENB01_beta_20170306. A CSRF flaw exists that can bypass authentication and lead to potentially malicious actions, including insertion of XSS payloads and changing critical settings. Public sources (NVD/CNVD/PRION/PT Security/Exploit-DB) co...
Sitecore Experience Platform 8.1 Update-3 Cross Site Scripting Vulnerability
Sitecore Experience Platform version 8.1 Update-3 suffers from a cross site scripting vulnerability. Exploit Title: Stored Cross Site Scripting XSS in Sitecore Experience Platform 8.1 Update-3 Date: March 15, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitecore.net/en Version...
CVE-2016-10125
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session...
rev-ads.solspot.com Open Redirect vulnerability
Vulnerable URL: http://rev-ads.solspot.com/revive-adserver/www/delivery/ck.php?oaparams=2bannerid=17zoneid=6cb=2720ce4c37oadest=https://xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:|...