21 matches found
PT-2026-44098
Name of the Vulnerable Software and Affected Versions: Gladinet Triofox Cloud Server Agent (affected versions not specified). Description: Improper handling of remote HTTP messages in the GladServerAgentService.exe, which listens on TCP port 7878, allows unauthenticated attackers to potentially gain...
EUVD-2021-14407
Malware in sbrugna...
CVE-2015-9544
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
CVE-2015-9545
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
Format string vulnerability in multiple DrayTek products
DrayTek Vigor is a router. A format string vulnerability exists in DrayTek Vigor, which can be exploited by remote attackers to execute arbitrary code via specially crafted HTTP messages containing malformed query strings...
Improper Input Validation in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
GHSA-76QM-4F93-FG6F Improper Input Validation in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
GHSA-VRC7-6G8W-JH56 Improper Input Validation in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
Tp-link TP-Link AX10 environment issue vulnerability
TP-Link AX10 is a router from TP-Link. An input validation error exists in TP-Link AX10 v1. The vulnerability stems from the product not effectively handling special HTTP messages. An attacker could cause a denial of service on the target through this vulnerability...
CVE-2021-27661
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller F4-SNC user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to t...
CVE-2021-27661 Facility Explorer
Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller F4-SNC user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to t...
Unspecified Vulnerability in Johnson Controls Metasys
Johnson Controls Metasys is a building automation system from the US company Johnson Controls. A security vulnerability exists in Johnson Controls Metasys version 11.0 and prior versions that can be exploited by an attacker to send specially crafted web messag...
CVE-2021-27657
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls...
Johnson Controls Metasys security vulnerability
Johnson Controls Metasys is a building automation system from the US company Johnson Controls. A security vulnerability exists in Johnson Controls Metasys version 11.0 and prior versions that can be exploited by an attacker to send specially crafted web messag...
CVE-2015-9544
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
CVE-2015-9545
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
Input validation
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...
Input validation
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
CVE-2015-9544
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the...
CVE-2015-9544
CVE-2015-9544 affects xdLocalStorage up to version 2.0.5. The postMessage API (xdLocalStoragePostMessageApi.js) does not validate the origin of received web messages, enabling remote attackers who lure a user to a malicious site to read/alter data in local storage of the vulnerable site. Impact s...