155 matches found
Engineers Online Portal 1.0 - (id) SQL Injection Vulnerability
Exploit Title: Engineers Online Portal 1.0 - 'id' SQL Injection Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...
D-Link DIR-868L Information Disclosure Vulnerability
The D-Link DIR-868L is a wireless AC1750 dual-band Gigabit cloud router. A credential disclosure vulnerability exists in the D-Link DIR-868L version 3.01. An attacker can exploit this vulnerability by decompiling the firmware to access the firmware and extract sensitive data...
CVE-2020-29323
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...
Command injection
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...
Design/Logic Flaw
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data...
D-Link DIR-868L 信息泄露漏洞
The D-Link DIR-868L is a wireless AC1750 dual-band Gigabit cloud router. A credential disclosure vulnerability exists in the D-Link DIR-868L version 3.01. An attacker can exploit this vulnerability by decompiling the firmware to access the firmware and extract sensitive data...
SonicWall 802.11 Frame Aggregation and Fragmentation Vulnerabilities (FragAttacks)
Vulnerabilities in IEEE 802.11 implementation were found. These vulnerabilities could allow an attacker to inject malicious frames into legitimate WiFi traffic. The discovered vulnerabilities affect all modern security protocols of WiFi, including the latest WPA3. Successful exploitation of these...
GHSA-4J54-MMMV-HJPM Malicious Package in slush-fullstack-framework
Version 0.9.2 of slush-fullstack-framework contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It'...
GHSA-XWG3-GJXH-C8PM Malicious Package in ngx-context-menu
Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...
GHSA-JF55-RGPX-P6RX Malicious Package in iie-viz
Version 1.0.4 of iie-viz contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also recommended...
GHSA-226W-6HHJ-69HP Malicious Package in cal_rd
Version 0.1.1 of rccal contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also recommended t...
GHSA-48HW-37G6-3GW4 Malicious Package in mx-nested-menu
Version 0.1.30 of mx-nested-menu contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluat...
GHSA-GJC9-932X-C59P Malicious Package in leaflet-gpx
Version 1.0.1 of leaflet-gpx contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate yo...
Malicious Package
oauth-validator is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
modlibrary is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
react-server-native is a malicious package. The library contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
COVR 3902 1.01B0 Hardcoded Credentials
Title: Telnet Hardcoded Credentials Summary: The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data Affected Firmware: COVR-3902REVAROUTERFIRMWAREv1.01B0 CV...
Malicious Package in react-server-native
Version 0.0.7 of react-server-native contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.7 of this module is found installed...
GHSA-9CQ4-MHMR-84GM Malicious Package in jasmin
Version 0.0.3 of jasmin contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.3 of this module is found installed you will want...
Malicious Package in css_transform_step
Version 1.0.6 of csstransformstep contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.6 of this module is found installed you...