CVE-2021-4274 – sileht bird-lg layout.html cross site scripting
https://notcve.org/view.php?id=CVE-2021-4274
A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. • https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308 https://github.com/sileht/bird-lg/pull/82 https://vuldb.com/?id.216479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVE-2014-3928
https://notcve.org/view.php?id=CVE-2014-3928
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. Cougar-LG almacena información confidencial bajo la raíz web con control de acceso insuficiente, lo que permite a atacantes remotos obtener credenciales. • http://www.s3.eurecom.fr/cve/CVE-2014-3928.txt https://github.com/Cougar/lg/issues/4 https://hackerone.com/reports/16330 • CWE-284: Improper Access Control •
CVE-2014-3929
https://notcve.org/view.php?id=CVE-2014-3929
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. La configuración predeterminada para Cougar-LG almacena la información confidencial bajo la raíz web con un control de acceso insuficiente, lo que podría permitir a atacantes remotos obtener claves ssh privadas. • http://www.s3.eurecom.fr/cve/CVE-2014-3929.txt https://github.com/Cougar/lg/issues/5 https://hackerone.com/reports/16330 • CWE-284: Improper Access Control •
CVE-2014-3930
https://notcve.org/view.php?id=CVE-2014-3930
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials. Lg.pl en Cistron-LG 1.01 almacena información confidencial bajo la raíz web con controles de acceso insuficientes, lo que permite a atacantes remotos obtener direcciones IP y otras credenciales de router no especificadas. • http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt https://hackerone.com/reports/16330 • CWE-284: Improper Access Control •
CVE-2014-3926
https://notcve.org/view.php?id=CVE-2014-3926
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. Vulnerabilidad de XSS en lg.cgi en Cougar LG 1.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través del parámetro "addr". • http://blog.talosintelligence.com/2014/09/looking-glasses-with-bacon.html https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9 https://github.com/Cougar/lg/issues/3 https://hackerone.com/reports/16330 https://tools.cisco.com/security/center/viewAlert.x?alertId=35685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •