PreethamBomma
PreethamBomma
/ CVE-2020-15477
Created
July 20, 2020 13:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Suggeted description | |
| The WebControl in | |
| RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. | |
| The file nodejs/raspberryTortoise.js has no validation on the | |
| parameter incomingString before passing it to the child_process.exec | |
| function. | |
| ------------------------------------------ | |
| [Additional Information] |
PreethamBomma
/ CVE-2020-15017_Nedi XSS
Created
June 26, 2020 08:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Description] | |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this | |
| vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | |
| ------------------------------------------ | |
| [Additional Information] | |
| Step To Reproduce-: | |
| 1. Login with the credential. |
PreethamBomma
/ CVE-2020-15016_Nedi XSS
Last active
June 26, 2020 08:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Description] | |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The | |
| Other-Converter.php file improperly validates | |
| user input. An attacker can exploit this | |
| vulnerability by crafting arbitrary JavaScript | |
| in the txt GET parameter. | |
| ------------------------------------------ | |
| [Additional Information] |