@fuzzKitty
fuzzKitty / gist:8ca2587213874e94e5c0aedf346c18b1
Created November 17, 2021 14:44
CVE-2020-23617 - Totolink N200RE and N100RE Routers - 2.0
CVE-2020-23617
Vulnerable Product Version: Totolink N200RE and N100RE Routers - 2.0
Vendor: http://totolink.net/
Vulnerability Type: Cross Site Scripting (XSS)
Description: A cross site scripting (XSS) vulnerability in the error page of
Totolink N200RE and N100RE Routers 2.0 allows attackers to execute
arbitrary web scripts or HTML via a SCRIPT element.
Discovered by:
Omri Inbar, Shlomo Ben Yosef
@fuzzKitty
fuzzKitty / gist:3f62b37b8fc44ee996d3f07442f9a3a2
Created November 17, 2021 14:50
CVE-2020-23618 - Xtend Voice Logger - 1.0
Vulnerable Product Version: Xtend Voice Logger - 1.0
Vendor: http://www.xtendtech.com/
Vulnerability Type: Cross Site Scripting (XSS)
Description: A reflected cross site scripting (XSS) vulnerability in Xtend Voice
Logger 1.0 allows attackers to execute arbitrary web scripts or HTML
via the path of the error page.
Discovered by:
Omri Inbar, Shlomo Ben Yosef
@fuzzKitty
fuzzKitty / gist:95106430aa09760ebdcfa6304777f31f
Created November 17, 2021 14:54
CVE-2020-23620 - Orlansoft ERP Java Remote Management Interface
Vulnerable Product Version: Orlansoft ERP Java Remote Management Interface - All versions
Vendor: https://orlansoft.com/
Vulnerability Type: CWE-502 - Deserialization of Untrusted Data
Description: The Java Remote Management Interface of all versions of Orlansoft ERP
was discovered to contain a vulnerability due to insecure
deserialization of user-supplied content, which can allow attackers to
execute arbitrary code via a crafted serialized Java object.
Discovered by:
Omri Inbar, Shlomo Ben Yosef, Tal Sheinfeld
@fuzzKitty
fuzzKitty / gist:dd1c6fac4f36e70ea64814732726aaea
Created November 17, 2021 14:57
CVE-2020-23621 - SVI MS Java Remote Management Interface
Vulnerable Product Version: SVI MS Management System - All versions
Vendor: https://www.squire-technologies.co.uk/
Vulnerability Type: CWE-502 - Deserialization of Untrusted Data
Description: The Java Remote Management Interface of all versions of SVI MS
Management System was discovered to contain a vulnerability due to
insecure deserialization of user-supplied content, which can allow
attackers to execute arbitrary code via a crafted serialized Java
object.
Discovered by: