
CVSS: 9.4 | EPSS: 0% | CPEs: 2 | EXPL: 3

LOYTEC LGATE-902 6.3.2 devices allow arbitrary file deletion. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross-site scripting, arbitrary file deletion, and directory traversal vulnerabilities.
• http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
• http://seclists.org/fulldisclosure/2019/Apr/12
• https://seclists.org/fulldisclosure/2019/Apr/12
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 6.1 | EPSS: 1% | CPEs: 2 | EXPL: 3

LOYTEC LGATE-902 6.3.2 devices allow XSS. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross-site scripting, arbitrary file deletion, and directory traversal vulnerabilities.
• http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
• http://seclists.org/fulldisclosure/2019/Apr/12
• https://seclists.org/fulldisclosure/2019/Apr/12
• https://www.mag-securs.com/alertes/artmid/1894/articleid/41651/loytec-lgate-902-up-to-641-alarm-log-obj-handle-cross-site-scripting.aspx
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 10% | CPEs: 2 | EXPL: 3

LOYTEC LGATE-902 6.3.2 devices allow directory traversal. Loytec LGATE-902 versions prior to 6.4.2 suffer from cross-site scripting, arbitrary file deletion, and directory traversal vulnerabilities.
• http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html
• http://seclists.org/fulldisclosure/2019/Apr/12
• https://seclists.org/fulldisclosure/2019/Apr/12
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
• http://www.securityfocus.com/bid/100847
• https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.
• http://www.securityfocus.com/bid/100847
• https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01
• CWE-522: Insufficiently Protected Credentials