
CVE-2019-12506 – Logitech R700 Laser Presentation Remote Keystroke Injection
https://notcve.org/view.php?id=CVE-2019-12506
04 Jun 2019 — Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. • http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html • CWE-306: Missing Authentication for Critical Function CWE-319: Cleartext Transmission of Sensitive Information

CVE-2018-15720
https://notcve.org/view.php?id=CVE-2018-15720
20 Dec 2018 — Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. • https://www.tenable.com/security/research/tra-2018-47 • CWE-798: Use of Hard-coded Credentials

CVE-2018-15721
https://notcve.org/view.php?id=CVE-2018-15721
20 Dec 2018 — The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. • https://www.tenable.com/security/research/tra-2018-47 • CWE-287: Improper Authentication

CVE-2018-15722
https://notcve.org/view.php?id=CVE-2018-15722
20 Dec 2018 — The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response. • https://www.tenable.com/security/research/tra-2018-47 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-15723
https://notcve.org/view.php?id=CVE-2018-15723
20 Dec 2018 — The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo). • https://www.tenable.com/security/research/tra-2018-47 • CWE-346: Origin Validation Error

CVE-2018-0620
https://notcve.org/view.php?id=CVE-2018-0620
26 Jul 2018 — Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://jvn.jp/en/jp/JVN52574492/index.html • CWE-426: Untrusted Search Path

CVE-2018-0621
https://notcve.org/view.php?id=CVE-2018-0621
26 Jul 2018 — Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://jvn.jp/en/jp/JVN52574492/index.html • CWE-426: Untrusted Search Path

CVE-2017-16567 – Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16567
07 Nov 2017 — Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently ... • https://packetstorm.news/files/id/144906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-16568 – Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16568
07 Nov 2017 — Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScrip... • https://packetstorm.news/files/id/144906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-15687 – Logitech Media Server - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15687
23 Oct 2017 — DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. • https://www.exploit-db.com/exploits/43024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')