
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308.
• https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308
• https://github.com/sileht/bird-lg/pull/82
• https://vuldb.com/?id.216479
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-707: Improper Neutralization

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
• http://www.s3.eurecom.fr/cve/CVE-2014-3929.txt
• https://github.com/Cougar/lg/issues/5
• https://hackerone.com/reports/16330
• CWE-284: Improper Access Control

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
• http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt
• https://hackerone.com/reports/16330
• CWE-284: Improper Access Control

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
• http://www.s3.eurecom.fr/cve/CVE-2014-3928.txt
• https://github.com/Cougar/lg/issues/4
• https://hackerone.com/reports/16330
• CWE-284: Improper Access Control

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.
• http://blog.talosintelligence.com/2014/09/looking-glasses-with-bacon.html
• https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9
• https://github.com/Cougar/lg/issues/3
• https://hackerone.com/reports/16330
• https://tools.cisco.com/security/center/viewAlert.x?alertId=35685
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')