CVE-2016-2138

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php.

Source: CVE-2016-2138

CVE-2021-22648

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.

Source: CVE-2021-22648

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.

Source: CVE-2022-1805

CVE-2021-22642

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.

Source: CVE-2021-22642

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft� with a hardcoded key.

Source: CVE-2021-22644

CVE-2021-22640

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.

Source: CVE-2021-22640

CVE-2022-35882

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.

Source: CVE-2022-35882

CVE-2021-22646

The “ipk� package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.

Source: CVE-2021-22646

CVE-2016-2139

In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.

Source: CVE-2016-2139

CVE-2022-27509

Unauthenticated redirection to a malicious website

Source: CVE-2022-27509