Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not. Rated low severity (CVSS 2.9). Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.