Details of VAR-E-201112-0030

ID

VAR-E-201112-0030

CVE

cve_id:	CVE-2011-4836	Trust: 1.9
cve_id:	CVE-2011-4837	Trust: 0.3
cve_id:	CVE-2011-4835	Trust: 0.3

sources: BID: 50978 // EXPLOIT-DB: 36429 // EDBNET: 57762

EDB ID

36429

TITLE

HomeSeer HS2 2.5.0.20 - Web Interface Log Viewer Page URI Cross-Site Scripting - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36429

DESCRIPTION

HomeSeer HS2 2.5.0.20 - Web Interface Log Viewer Page URI Cross-Site Scripting. CVE-2011-4836CVE-77588 . remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 36429

AFFECTED PRODUCTS

vendor:

homeseer

model:

hs2

scope:

version:

2.5.0.20

Trust: 1.3

sources: BID: 50978 // EXPLOIT-DB: 36429

EXPLOIT

source: https://www.securityfocus.com/bid/50978/info

HS2 web interface is prone to multiple security vulnerabilities:

1. An HTML-injection vulnerability.
2. A cross-site request-forgery vulnerability.
3. A directory-traversal vulnerability.

Attackers can exploit these issues to perform certain actions in the context of an authorized user's session, run arbitrary HTML and script code, and transfer files outside of the web directory. Other attacks may also be possible.

HomeSeer HS2 2.5.0.20 is vulnerable; prior versions may also be affected.

http://www.example.com/example<script>alert(document.cookie)</script>

Trust: 1.0

sources: EXPLOIT-DB: 36429

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36429

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36429

TYPE

Web Interface Log Viewer Page URI Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 36429

CREDITS

Silent Dream

Trust: 0.6

sources: EXPLOIT-DB: 36429

EXTERNAL IDS

db:	EXPLOIT-DB	id:	36429	Trust: 1.9
db:	NVD	id:	CVE-2011-4836	Trust: 1.9
db:	BID	id:	50978	Trust: 1.9
db:	EDBNET	id:	57762	Trust: 0.6
db:	CERT/CC	id:	VU#796883	Trust: 0.3
db:	NVD	id:	CVE-2011-4837	Trust: 0.3
db:	NVD	id:	CVE-2011-4835	Trust: 0.3

sources: BID: 50978 // EXPLOIT-DB: 36429 // EDBNET: 57762

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2011-4836	Trust: 1.6
url:	https://www.securityfocus.com/bid/50978/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36429/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/36429	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/796883	Trust: 0.3
url:	http://www.homeseer.com/downloads/	Trust: 0.3

sources: BID: 50978 // EXPLOIT-DB: 36429 // EDBNET: 57762

SOURCES

db:	BID	id:	50978
db:	EXPLOIT-DB	id:	36429
db:	EDBNET	id:	57762

LAST UPDATE DATE

2022-07-27T09:15:58.664000+00:00

SOURCES UPDATE DATE

db:

BID

id:

50978

date:

2011-12-16T18:08:00

SOURCES RELEASE DATE

db:	BID	id:	50978	date:	2011-12-08T00:00:00
db:	EXPLOIT-DB	id:	36429	date:	2011-12-08T00:00:00
db:	EDBNET	id:	57762	date:	2011-12-08T00:00:00