Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and Archer-C3150.
1da398afccf3fc2ba6162181e5e7b91aUnibox version 2.4 suffers from remote code execution and cross site request forgery vulnerabilities.
0d9c1908b02b93829d56268f4e5a5330Various Unibox products suffers from a cross site request forgery vulnerability.
f4a13dbef7fa744bc2d7fb564747eaeaA denial of service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.
3634f2043d52856b3dc8fee6e53be5daRaisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the newpass and confpass parameters in /bin/WebMGR.
96852f7edee55b1d7fe41b06c5100e95Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the fmgpon_loid parameter.
a7b4b967b526835e031e08633772389aSYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from an authenticated command injection vulnerability.
2b900c12b8546c4e8e5c9f117e930eb6SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from a cross site request forgery vulnerability.
d5e0c75c7f7c7d6ee5d9b1c51cadf251A stack overflow vulnerability has been identified in multiple Skyworth GPON HomeGateways and Optical Network terminals. Affected products include 1.DT741 Converged Intelligent Terminal (G/EPON+IPTV), 2.DT741 Converged Intelligent Terminal (G/EPON+IPTV), 3.DT721-cb GPON uplink home gateway (GPON+2FE+1POTS), 4.DT721-cb GPON Uplink Home Gateway (GPON+2FE+1POTS), 5.DT741-cb GPON uplink home gateway (GPON+4FE+1POTS+WIFI+USB), 6.DT741-cb GPON Uplink Home Gateway (GPON+4FE+1POTS+WIFI+USB), and 7.DT741-cbGPON uplink home gateway DT741-cb.
de912c87729b8b98ea82b52200e61947Manage Engine OPutils version 8.0 suffers from an authorization bypass vulnerability due to a missing function level access control.
33975dda3e20de9f77b37db8e8b804cbManage Engine OPutils version 8.0 suffers from a privilege escalation vulnerability.
ddd1dfdab1ec43b051037edad0b026e9Manage Engine OPutils version 8.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
da0b63310ce05af56ec547821e62bb2cManageEngine Network Configuration Management build version 11000 suffers from a privilege escalation vulnerability.
721f8a3a32e703192c42c95a2ac482ccManageEngine Network Configuration Management build 11000 suffers from a cross site request forgery vulnerability.
f9c1968f467ae9126fb372c962dd3e1bWordPress Ad Buttons plugin version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
e852b9ba527e9d29868c110941c97701WordPress Ultimate Profile Builder plugin version 2.3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
b3f5807199cf9c2264400f6b795a374eWordPress ClickBank Ads plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
854d8aa6e035bc9bb841486fbf2431f7Manage Engine Asset Explorer version 6.10 build 6110 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
a8ea4e7d7e34c2ce795986ac29c3b9dcWordPress Ad Inserter plugin version 1.5.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
97567eb9adf2f8df4eb066de7d468e3cWordPress Embed-Articles plugin version 7.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
ef1c75d6c95a9725753213ca9c3d7940WordPress WP Statistics plugin version 9.1.2 suffers from stored cross site scripting vulnerabilities.
ed1090d2a309cf94eb64607f6b91474eWordPress AB Google Map Travel (AB-MAP) plugin version 4.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
4e136df0edf911a0cfccfb3f4ad7a168Manage Engine Device Expert version 5.9.9.0 suffers from a reflective cross site scripting vulnerability.
f74cd28cfe9efd5be51456c3a60bd809ManageEngine Network Configuration Management suffers from a cross site request forgery vulnerability.
758c46f5ea5bd4b20d2dbbaa4a25d4a5Manage Engine Device Expert version 5.9.9.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
0c28afbd1b355f909ade578987e45261
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed