Lucene search
+L

175 matches found

Openbugbounty
Openbugbounty
added 2018/03/26 10:1 a.m.17 views

victorsport.com XSS vulnerability

Open Bug Bounty ID: OBB-591840 Description| Value ---|--- Affected Website:| victorsport.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
CNVD
CNVD
added 2017/12/28 12:0 a.m.3 views

Archon Cross-Site Scripting Vulnerability

Archon is a system of online catalog sites for manuscript collections at the Maine Maritime Museum. A cross-site scripting vulnerability exists in the packages/core/contact.php file in Archon version 3.21 rev-1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HT...

6.1CVSS6AI score0.00593EPSS
Exploits1References1
Prion
Prion
added 2017/09/13 5:29 p.m.21 views

Authentication flaw

registersend.php on D-Link DIR-850L REV. B with firmware through FW208WWb02 devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services...

7.5CVSS9.4AI score0.01293EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/09/13 5:29 p.m.26 views

CVE-2017-14413

D-Link DIR-850L REV. A with firmware through FW114WWb07h2abbeta1 devices have XSS in the action parameter to htdocs/web/wpsacts.php...

6.1CVSS6.1AI score0.01134EPSS
Exploits1References1
CVE
CVE
added 2017/09/13 5:0 p.m.65 views

CVE-2017-14417

D-Link DIR-850L REV. B devices (firmware up to FW208WWb02) are affected by CVE-2017-14417 due to register_send.php not requiring authentication, enabling unintended enrollment in mydlink Cloud Services. Root cause: missing auth on register_send.php. Impact: potential attacker could gain access or...

9.8CVSS9.4AI score0.01293EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/09/13 5:0 p.m.63 views

CVE-2017-14415

Summary of CVE-2017-14415 : A cross-site scripting (XSS) vulnerability exists in D-Link DIR-850L REV. A devices (firmware up to FW114WWb07_h2ab_beta1) in the action parameter of htdocs/web/sitesurvey.php. The root cause is unsanitized input for the action parameter, enabling an attacker to inject...

6.1CVSS6.5AI score0.01134EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/09/13 5:0 p.m.61 views

CVE-2017-14423

CVE-2017-14423 affects D-Link DIR-850L REV. A devices (firmware FW114WWb07_h2ab_beta1 and earlier). The vulnerability resides in the htdocs/parentalcontrols/bind.php file, where unauthenticated nonce-guessing could allow remote attackers to change DNS configuration by sending a sequence of reques...

7.5CVSS8AI score0.01008EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2017/09/13 12:0 a.m.6 views

PT-2017-13467 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 Description: The issue allows remote attackers to change the DNS configuration via a series of requests, due to the failure to prevent unauthenticated nonce-guessing attacks in the...

7.5CVSS7.5AI score0.01008EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2017/09/13 12:0 a.m.7 views

PT-2017-13466 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. A versions through FW114WWb07 h2ab beta1 D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue concerns the use of a hardcoded private key in the /etc/stunnel.key file across different installations,...

7.5CVSS7.5AI score0.01288EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2017/09/12 12:0 a.m.76 views

D-Link 850L Firmware B1 Admin Password Disclosure Vulnerability - Active Check

D-Link 850L Firmware B1 is vulnerable to an admin password disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8CVSS8.8AI score0.01293EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2017/09/08 12:0 a.m.6 views

PT-2017-2899 · D Link · D-Link Dir-850L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L REV. B versions through FW208WWb02 Description: The issue is related to a hardcoded password for the Alphanetworks account, which is set to wrgac25 dlink.2013gui dir850l upon device reset. This allows remote attackers to obtai...

10CVSS9.2AI score0.02254EPSS
Exploits1References3
OSV
OSV
added 2017/09/07 1:29 p.m.5 views

CVE-2016-10405

Session fixation vulnerability in D-Link DIR-600L routers rev. Ax with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors...

9.8CVSS5.8AI score0.01932EPSS
Exploits0References1
OSV
OSV
added 2017/08/18 3:29 p.m.3 views

CVE-2017-12943

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/showinfo.php?REQUIREFILE= absolute path traversal attack, as demonstrated by discovering the admin password...

9.8CVSS5.8AI score0.39224EPSS
Exploits4References3
CVE
CVE
added 2017/08/18 3:0 p.m.74 views

CVE-2017-12943

CVE-2017-12943 affects D-Link DIR-600 Rev Bx devices with v2.x firmware. The vulnerability is an absolute path traversal in the endpoint model/__show_info.php?REQUIRE_FILE= which allows remote attackers to read passwords (admin credentials) from the device. Public mention in multiple sources (Exp...

9.8CVSS9.2AI score0.39224EPSS
Exploits4References3Affected Software1
Positive Technologies
Positive Technologies
added 2017/08/18 12:0 a.m.5 views

PT-2017-12787 · D Link · Dir-600M

Name of the Vulnerable Software and Affected Versions: D-Link DIR-600 Rev Bx versions 2.x Description: The issue allows remote attackers to read passwords via an absolute path traversal attack using the "model/ show info.php?REQUIRE FILE=" endpoint. This can be exploited to discover the admin...

9.8CVSS9.2AI score0.39224EPSS
Exploits4References4
CNVD
CNVD
added 2017/05/25 12:0 a.m.6 views

Sitecore CRM Code Execution Vulnerability

Sitecore CRM is a suite of customer relationship management solutions from Sitecore Denmark. A code execution vulnerability exists in the Package Manager in Sitecore CRM version 8.1 Rev 151207. A remote attacker can exploit this vulnerability by creating a ZIP archive file to execute arbitrary AS...

6.7CVSS8.1AI score0.01047EPSS
Exploits1References1
CVE
CVE
added 2017/03/22 5:31 a.m.67 views

CVE-2017-5874

CVE-2017-5874 affects D-Link DIR-600M Rev. Cx before v3.05ENB01_beta_20170306. A CSRF flaw exists that can bypass authentication and lead to potentially malicious actions, including insertion of XSS payloads and changing critical settings. Public sources (NVD/CNVD/PRION/PT Security/Exploit-DB) co...

8.8CVSS9.2AI score0.00702EPSS
Exploits2References2Affected Software1
0day.today
0day.today
added 2017/03/17 12:0 a.m.64 views

Sitecore Experience Platform 8.1 Update-3 Cross Site Scripting Vulnerability

Sitecore Experience Platform version 8.1 Update-3 suffers from a cross site scripting vulnerability. Exploit Title: Stored Cross Site Scripting XSS in Sitecore Experience Platform 8.1 Update-3 Date: March 15, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitecore.net/en Version...

4.3CVSS6.2AI score0.02186EPSS
Exploits6
OSV
OSV
added 2017/01/09 5:59 p.m.5 views

CVE-2016-10125

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session...

8.1CVSS5.8AI score0.01169EPSS
Exploits1References2
Openbugbounty
Openbugbounty
added 2016/01/19 6:33 p.m.10 views

rev-ads.solspot.com Open Redirect vulnerability

Vulnerable URL: http://rev-ads.solspot.com/revive-adserver/www/delivery/ck.php?oaparams=2bannerid=17zoneid=6cb=2720ce4c37oadest=https://xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:|...

6.9AI score
Exploits0
Rows per page
Query Builder