71 matches found
WordPress plugin Donation Thermometer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. cross-site scripting vulnerability exists in versions prior to WordPress Donation Thermometer 2.1.3. The...
PT-2022-20662 · WordPress · Donation Thermometer
Name of the Vulnerable Software and Affected Versions: Donation Thermometer WordPress plugin versions prior to 2.1.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...
Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Settings...
Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Settings...
WordPress Donation Thermometer plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Donation Thermometer plugin versions = 2.1.2. Solution Update the WordPress Donation Thermometer plugin to the latest available version at least 2.1.3...
Malicious code in meshblu-connector-arc-thermometer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f1869e723aea9d866700e89b3eaa39a2866762e0d10d4bebe7419833a14567e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4565 Malicious code in meshblu-connector-arc-thermometer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f1869e723aea9d866700e89b3eaa39a2866762e0d10d4bebe7419833a14567e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2019-15304
Lierda Grill Temperature Monitor V1.0050006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and...
Default credentials
Lierda Grill Temperature Monitor V1.0050006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Service or Information Disclosure via the undocumented access-point configuration page located on the device. This wifi thermometer app requests and...
CVE-2019-15304
CVE-2019-15304 affects ProGrade/Lierda Grill Temperature Monitor V1.00_50006. A default admin password enables an attacker to cause Denial of Service or Information Disclosure through the device’s undocumented access-point configuration page. The vulnerability stems from hard-coded credentials (a...
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Date: 2018-08-17 Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/...
Hackers attack Casino’s fish tank thermometer to obtain sensitive data
By Waqas The Internet of Things IoT has transformed the way we This is a post from HackRead.com Read the original post: Hackers attack Casino’s fish tank thermometer to obtain sensitive data...
Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer
Internet-connected technology, also known as the Internet of Things IoT, is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. But of much greater concern, enterprises are unable to secure each a...
Papouch Backdoor Account / CSRF / Missing Authentication
+++++ Vulnerable Products 1. Papouch TME Ethernet thermometer 2. Papouch TME multi: Temperature and humidity via Ethernet All versions affected TME - Ethernet Thermometer http://www.papouch.com/en/shop/product/tme-ip-ethernet-thermometer/ TME multi: Temperature and humidity via Ethernet...
Smart Thermometer - Exported components, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Smart Thermometer published at the 'play' market has multiple vulnerabilities...
DS Thermometer - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application DS Thermometer published at the 'play' market has multiple vulnerabilities...
S4 Thermometer 3DHD - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application S4 Thermometer 3DHD published at the 'play' market has multiple vulnerabilities...
Thermometer - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application Thermometer published at the 'play' market has multiple vulnerabilities...
Smart Thermometer - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Smart Thermometer published at the 'play' market has multiple vulnerabilities...
Thermometer - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application Thermometer published at the 'play' market has multiple vulnerabilities...