| 247111 | 6.1 MEDIUM | Network | totolink | a3002ru_firmware | Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. | CWE-79 Cross-site Scripting | CVE-2018-13312 | 2024-11-21 12:46 | 2018-11-27 |
| 247112 | 9.8 CRITICAL | Network | totolink | a3002ru_firmware | System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | CWE-78 OS Command | CVE-2018-13311 | 2024-11-21 12:46 | 2018-11-27 |
| 247113 | 6.1 MEDIUM | Network | totolink | a3002ru_firmware | Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. | CWE-79 Cross-site Scripting | CVE-2018-13310 | 2024-11-21 12:46 | 2018-11-27 |
| 247114 | 6.1 MEDIUM | Network | totolink | a3002ru_firmware | Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | CWE-79 Cross-site Scripting | CVE-2018-13309 | 2024-11-21 12:46 | 2018-11-27 |
| 247115 | 6.1 MEDIUM | Network | totolink | a3002ru_firmware | Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | CWE-79 Cross-site Scripting | CVE-2018-13308 | 2024-11-21 12:46 | 2018-11-27 |
| 247116 | 6.3 MEDIUM | Network | synology | photo_station | Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | CWE-384 Session Fixation | CVE-2018-13282 | 2024-11-21 12:46 | 2018-11-1 |
| 247117 | 4.3 MEDIUM | Network | synology | skynas diskstation_manager vs960hd | Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of ar… | CWE-200 Information Exposure | CVE-2018-13281 | 2024-11-21 12:46 | 2018-11-1 |
| 247118 | 9.8 CRITICAL | Network | linhandante | anda | The server API in the Anda app relies on hardcoded credentials. | CWE-798 Use of Hard-coded Credentials | CVE-2018-13342 | 2024-11-21 12:46 | 2018-10-25 |
| 247119 | 6.1 MEDIUM | Network | mitel | st_firmware | A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) att… | CWE-79 Cross-site Scripting | CVE-2018-12901 | 2024-11-21 12:46 | 2018-10-24 |
| 247120 | 6.5 MEDIUM | Network | keruigroup | ypc99_firmware | Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YPC99) allows an attacker to watch or block the camera stream. The RTSP server on port 7070 accepts the command STOP to stop stream… | CWE-20 Improper Input Validation | CVE-2018-13115 | 2024-11-21 12:46 | 2018-10-23 |