CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0621
https://notcve.org/view.php?id=CVE-2018-0621
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no fiable en LOGICOOL CONNECTION UTILITY SOFTWARE en versiones anteriores a la 2.30.9 permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado. • http://jvn.jp/en/jp/JVN52574492/index.html • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0620
https://notcve.org/view.php?id=CVE-2018-0620
Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no fiable en LOGICOOL Game Software en sus versiones 8.87.116 y anteriores permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado. • http://jvn.jp/en/jp/JVN52574492/index.html • CWE-426: Untrusted Search Path •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16567 – Logitech Media Server 7.9.0 - 'favorites' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16567
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." Una vulnerabilidad Cross-Site Scripting (XSS) en Logitech Media Server 7.9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios a través de "favorite". Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43122 https://github.com/dewankpant/CVE-2017-16567 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16568 – Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-16568
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. Una vulnerabilidad Cross-Site Scripting (XSS) en Logitech Media Server 7.9.0 permite que atacantes remotos inyecten scripts web o HTML arbitrarios a través de una URL radio. Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/43123 https://github.com/dewankpant/CVE-2017-16568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 1CVE-2017-15687 – Logitech Media Server - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15687
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. Existe Cross-Site Scripting (XSS) basado en DOM en Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0 y 7.9.1 mediante una URI manipulada. • https://www.exploit-db.com/exploits/43024 https://fireshellsecurity.team/assets/pdf/DOM-Based-Cross-Site-Scripting-_XSS_-Logitech-Media-Server.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •