Heatmiser Net Monitor v3.03 allows HTML Injection via the outputSetup.htm outputtitle parameter. The HTML Injection vulnerability was discovered in version v3.03 of Net Monitor from the manufacturer Heatmiser. Any hardware that uses this software is affected.
It has been discovered that in version v1.09 of Image Monitor from RICOH, HTML Injection is possible through the /web/entry/en/address/adrsSetUserWizard.cgi function. This vulnerability affects all hardware that uses Image Monitor v1.09.
An HTML Injection vulnerability has been discovered on the RICOH SP 4510SF via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
The exploit triggers a stack overflow vulnerability in Domain Quester Pro 6.02. By pasting a specially crafted payload into the 'Domain Name Keywords' textbox, an attacker can cause the program to freeze and a bind shell to be opened on TCP port 9999, allowing for remote code execution.
The MyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request, to gain access to sensitive information.
A hard-coded credentials vulnerability has been discovered in Netmonitor v3.03 from the manufacturer Heatmiser. The page source contains a hidFrm form whose hidden input fields can be read anonymously; the credentials are contained in the lognm and logpd input fields of that form.
The AVE DOMINAplus version 1.10.x is vulnerable to an authentication bypass exploit. This vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access to the system. The affected versions include Web Server Code 53AB-WBS - 1.10.62, Touch Screen Code TS01 - 1.0.65, Touch Screen Code TS03x-V | TS04X-V - 1.10.45a, and Touch Screen Code TS05 - 1.10.36. The exploit can be used on various models and versions of the AVE DOMINAplus system.
This exploit allows an attacker to remotely reboot AVE DOMINAplus devices without authentication.
A CSRF vulnerability was discovered in the Xerox WorkCentre® 7830 printer. A request to add a user is made through the Device User Database form, which submits to the xerox.set URI; this request is captured with a proxy and a CSRF PoC HTML file is prepared from it. WorkCentre® 7830 printers accept the forged request. (The frmUserName value must be unique.)
A CSRF vulnerability was discovered in the Xerox WorkCentre® 7855 printer. A request to add a user is made through the Device User Database form, which submits to the xerox.set URI; this request is captured with a proxy and a CSRF PoC HTML file is prepared from it. WorkCentre® 7855 printers accept the forged request. (The frmUserName value must be unique.)