Huawei EchoLife HG520c Information Disclosure
Huawei EchoLife HG520 modems are affected by an information disclosure vulnerability. Sensitive modem information can be accessed through a public URL on modems with the web interface activated.
Huawei EchoLife HG520 modems are affected by a remote information disclosure vulnerability. It can be exploited by sending a specially crafted UDP packet that causes the modems to return sensitive information in clear text.
Huawei EchoLife HG520c modems expose an unauthenticated factory-reset endpoint and an authenticated remote reboot page, letting an attacker on the LAN or via a malicious website disrupt service and wipe the device configuration.
Croogo CMS 1.3 fails to sanitize user-supplied input in the Contact and User modules, letting attackers inject HTML and JavaScript that runs in an administrator's browser and enables session theft or UI redressing.
Croogo CMS 1.2 stores contact form titles and subjects without sanitisation, allowing an attacker to inject HTML or JavaScript that executes in the administrator's browser when the message is viewed, enabling session theft.
OpenConf CE 3.41 contains multiple stored and reflected cross-site scripting vulnerabilities and an SQL injection flaw in the conference chair interface, enabling session theft and direct database extraction.
ZenCart 1.3.8a has a persistent XSS in 'Admin Home' via the 'Last Name' parameter. Another cross-site scripting vulnerability exists in the 'nogrants' parameter in sqlpatch.php.
The D-Link WBR-1310 router reflects unsanitised input in its ping diagnostic page. Because the password-change endpoint does not require the current password, the same XSS payload can silently reset the admin credential and take over the router.
The remote management interface on tcp/50001 of various 2Wire devices suffers from a remote denial of service vulnerability.
Multiple reflected cross-site scripting vulnerabilities in PaperThin's CommonSpot CMS 5.0 and 5.1, reachable through loader.cfm, let an attacker hijack an administrator session or stage CSRF and phishing attacks against the platform.
Some 2Wire devices are vulnerable to authentication bypass and remote password reset attacks that allow drive-by pharming.