[FD] CVE-2014-5438: Arris TG862G - Cross-site Scripting (XSS)

2014-12-15 Thread Seth Art
Description: Title: Cross-site Scripting (XSS); CVE: CVE-2014-5438; CWE: CWE-79: http://cwe.mitre.org/data/definitions/79.html; Researcher: Seth Art - @sethsec; POC - Reflected, post authentication XSS

[FD] CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF)

2014-12-15 Thread Seth Art
Description: Title: Cross-site Request Forgery (CSRF); CVE: CVE-2014-5437; CWE: CWE-352: http://cwe.mitre.org/data/definitions/352.html; Researcher: Seth Art - @sethsec; POC - Enable remote management

[FD] CVE-2014-2227: Ubiquiti Networks - AirVision v2.1.3 - Overly Permissive default crossdomain.xml

2014-07-24 Thread Seth Art
Title: Overly Permissive default crossdomain.xml file; CVE: CVE-2014-2227; CWE: http://cwe.mitre.org/data/definitions/264.html; Detailed writeup: http://sethsec.blogspot.com/2014/07/cve-2014-2227.html; Researcher: Seth Art - @sethsec

[FD] CVE-2014-2226: Ubiquiti Networks - UniFi Controller - Admin/root password hash sent via syslog

2014-07-24 Thread Seth Art
Title: Admin/Root password hash sent via syslog messages; CVE: CVE-2014-2226; CWE: http://cwe.mitre.org/data/definitions/319.html; Detailed writeup: http://sethsec.blogspot.com/2014/07/cve-2014-2226.html; Researcher: Seth Art - @sethsec; If remote logging is enabled on the UniFi controller

[FD] CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF)

2014-07-24 Thread Seth Art
affected - Description: Title: Cross-site Request Forgery (CSRF); CVE: CVE-2014-2225; CWE: http://cwe.mitre.org/data/definitions/352.html; Detailed writeup: http://sethsec.blogspot.com/2014/07/cve-2014-2225.html; Researcher: Seth Art - @sethsec --- UniFi POC