fuzzKitty
fuzzKitty
/ gist:dd1c6fac4f36e70ea64814732726aaea
Created
November 17, 2021 14:57
CVE-2020-23621 - SVI MS Java Remote Management Interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerable Product Version: SVI MS Management System - All versions | |
| Vendor: https://www.squire-technologies.co.uk/ | |
| Vulnerability Type: CWE-502 - Deserialization of Untrusted Data | |
| Description: The Java Remote Management Interface of all versions of SVI MS | |
| Management System was discovered to contain a vulnerability due to | |
| insecure deserialization of user-supplied content, which can allow | |
| attackers to execute arbitrary code via a crafted serialized Java | |
| object. | |
| Discovered by: |
fuzzKitty
/ gist:95106430aa09760ebdcfa6304777f31f
Created
November 17, 2021 14:54
CVE-2020-23620 - Orlansoft ERP Java Remote Management Interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerable Product Version: Orlansoft ERP Java Remote Management Interface - All versions | |
| Vendor: https://orlansoft.com/ | |
| Vulnerability Type: CWE-502 - Deserialization of Untrusted Data | |
| Description: The Java Remote Management Interface of all versions of Orlansoft ERP | |
| was discovered to contain a vulnerability due to insecure | |
| deserialization of user-supplied content, which can allow attackers to | |
| execute arbitrary code via a crafted serialized Java object. | |
| Discovered by: | |
| Omri Inbar, Shlomo Ben Yosef, Tal Sheinfeld |
fuzzKitty
/ gist:3f62b37b8fc44ee996d3f07442f9a3a2
Created
November 17, 2021 14:50
CVE-2020-23618 - Xtend Voice Logger - 1.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerable Product Version: Xtend Voice Logger - 1.0 | |
| Vendor: http://www.xtendtech.com/ | |
| Vulnerability Type: Cross Site Scripting (XSS) | |
| Description: A reflected cross site scripting (XSS) vulnerability in Xtend Voice | |
| Logger 1.0 allows attackers to execute arbitrary web scripts or HTML | |
| via the path of the error page. | |
| Discovered by: | |
| Omri Inbar, Shlomo Ben Yosef |
fuzzKitty
/ gist:8ca2587213874e94e5c0aedf346c18b1
Created
November 17, 2021 14:44
CVE-2020-23617 - Totolink N200RE and N100RE Routers - 2.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2020-23617 | |
| Vulnerable Product Version: Totolink N200RE and N100RE Routers - 2.0 | |
| Vendor: http://totolink.net/ | |
| Vulnerability Type: Cross Site Scripting (XSS) | |
| Description: A cross site scripting (XSS) vulnerability in ther error page of | |
| Totolink N200RE and N100RE Routers 2.0 allows attackers to execute | |
| arbitrary web scripts or HTML via a SCRIPT element. | |
| Discovered by: | |
| Omri Inbar, Shlomo Ben Yosef |