
CVE-2023-27077
https://notcve.org/view.php?id=CVE-2023-27077
23 Mar 2023 — Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package. • https://github.com/B2eFly/Router/blob/main/360/360D901.md • CWE-787: Out-of-bounds Write •

CVE-2022-4392 – iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4392
16 Dec 2022 — The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The iPanorama 360 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.6.29 due to insufficient input sanitization and output escaping.... • https://wpscan.com/vulnerability/c298e3dc-09a7-40bb-a361-f49af4bce77e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-3405
https://notcve.org/view.php?id=CVE-2019-3405
11 Jan 2021 — In 360F5 version 3.1.3.64296 and lower, a third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which causes other connected wireless terminals to disconnect from the wireless network, resulting in a DoS attack on the router's wireless service. The vulnerability has been effectively handled, and users can fix it by updating the firmware version. • https://security.360.cn/News/news/id/246 •

CVE-2020-24158
https://notcve.org/view.php?id=CVE-2020-24158
03 Sep 2020 — 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology. • https://www.cnvd.org.cn/flaw/show/2105401 • CWE-427: Uncontrolled Search Path Element •

CVE-2019-3404
https://notcve.org/view.php?id=CVE-2019-3404
04 Mar 2020 — By adding some special fields to the URI of the router app function, the user could abuse background app CGI functions without authentication. This affects 360 router P0 and F5C. • https://security.360.cn/News/news/id/218.html •

CVE-2018-19031
https://notcve.org/view.php?id=CVE-2018-19031
04 Nov 2019 — A command injection vulnerability exists when an authorized user passes a crafted parameter to a background process in the router. This affects 360 router series products (360 Safe Router P0, P1, P2, P3, P4); the affected version is V2.0.61.58897. • https://security.360.cn/News/news/id/188.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2011-4769
https://notcve.org/view.php?id=CVE-2011-4769
25 Jan 2012 — The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. • http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4769-vulnerability-in-360MobileSafe.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2011-4772
https://notcve.org/view.php?id=CVE-2011-4772
25 Jan 2012 — The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. • http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4772-vulnerability-in-360KouXin.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2008-0430 – 360 Web Manager 3.0 - 'IDFM' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0430
23 Jan 2008 — SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. • https://www.exploit-db.com/exploits/4944 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •