CVE-2018-14916 – Loytec LGATE-902 XSS / Traversal / File Deletion
https://notcve.org/view.php?id=CVE-2018-14916
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. Los dispositivos LOYTEC LGATE-902 en la versión 6.3.2 permiten la eliminación arbitraria de archivos. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. • http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html http://seclists.org/fulldisclosure/2019/Apr/12 https://seclists.org/fulldisclosure/2019/Apr/12 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-14919 – Loytec LGATE-902 XSS / Traversal / File Deletion
https://notcve.org/view.php?id=CVE-2018-14919
LOYTEC LGATE-902 6.3.2 devices allow XSS. Los dispositivos YTEC LGATE-902 versión 6.3.2 permiten Cross-Site Scripting (XSS). Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. • http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html http://seclists.org/fulldisclosure/2019/Apr/12 https://seclists.org/fulldisclosure/2019/Apr/12 https://www.mag-securs.com/alertes/artmid/1894/articleid/41651/loytec-lgate-902-up-to-641-alarm-log-obj-handle-cross-site-scripting.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-14918 – Loytec LGATE-902 XSS / Traversal / File Deletion
https://notcve.org/view.php?id=CVE-2018-14918
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. Los dispositivos LOYTEC LGATE-902 versión 6.3.2 permiten un salto de directorio. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. • http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html http://seclists.org/fulldisclosure/2019/Apr/12 https://seclists.org/fulldisclosure/2019/Apr/12 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •