This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Suggeted description | |
The WebControl in | |
RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. | |
The file nodejs/raspberryTortoise.js has no validation on the | |
parameter incomingString before passing it to the child_process.exec | |
function. | |
------------------------------------------ | |
[Additional Information] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Description] | |
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this | |
vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | |
------------------------------------------ | |
[Additional Information] | |
Step To Reproduce-: | |
1. Login with the credential. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Description] | |
NeDi 1.9C is vulnerable to reflected cross-site scripting. The | |
Other-Converter.php file improperly validates | |
user input. An attacker can exploit this | |
vulnerability by crafting arbitrary JavaScript | |
in the txt GET parameter. | |
------------------------------------------ | |
[Additional Information] |