23 matches found
CVE-2020-12111
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304...
Linux Distros Unpatched Vulnerability : CVE-2019-12111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. CVE-2019-121...
CVE-2024-12111
In a specific scenario an LDAP user can abuse the authentication process using an injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.34.4; 24.34.5...
CVE-2024-12111 Potential LDAP injection vulnerability in OpenText Privileged Access Manager
In a specific scenario an LDAP user can abuse the authentication process using an injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.34.4; 24.34.5...
Ubuntu: Security Advisory (USN-4542-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 16.04 LTS : MiniUPnPd vulnerabilities (USN-4542-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4542-1 advisory. It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive...
TP-LINK Cloud Cameras Command Injection (CVE-2020-12111; CVE-2020-12109)
A command injection vulnerability exists in TP-LINK cloud cameras. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection Vulnerability
TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method handler for /setEncryptKey.fcgi of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a...
CVE-2020-12111
TP-Link NC260 and NC450 web cameras are affected by CVE-2020-12111: a command-injection in the httpSetEncryptKeyRpm handler for /setEncryptKey.fcgi that allows a remote attacker with web access to execute commands as root. Affected versions are NC260 <= 1.5.2 build 200304 and NC450 <= 1.5.3...
CVE-2020-12111
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304...
TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection
Vulnerability title: TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection Author: Pietro Oliva CVE: CVE-2020-12111 Vendor: TP-LINK Product: NC260, NC450 Affected version: NC260 %s/%08X" 0x00491734 lw a1, EncryptKeyparam ; Attacker controlled string 0x00491738 lw a2, -0x7fd4gp 0x0049173c no...
Fedora 31 : miniupnpd (2019-0a26e06dd5)
Security patches. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. (C) Tenable Network Security, Inc...
CVE-2019-12111
A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c...
CVE-2019-12111
CVE-2019-12111 affects MiniUPnPd (miniupnpd) up to version 2.1, caused by a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c leading to Denial of Service. Public references in multiple advisories (Debian DLA-1811, Fedora update FEDORA-2019-0a26e06dd5, Ubuntu USN-4542-1) indicate a p...
Canon PrintMe EFI - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Title: Canon PrintMe EFI - Cross-Site Scripting Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...
Canon PrintMe EFI - Cross-Site Scripting
Title: Canon PrintMe EFI - Cross-Site Scripting Date: 9.6.2018-06-09 Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...
Canon PrintMe EFI Cross Site Scripting
Title: Canon PrintMe EFI - Cross-Site Scripting Date: 9.6.2018-06-09 Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...
Canon PrintMe EFI - Cross-Site Scripting
Canon PrintMe EFI - Cross-Site Scripting Title: Canon PrintMe EFI - Cross-Site Scripting Date: 9.6.2018-06-09 Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...
CVE-2018-12111
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI...
CVE-2018-12111
The provided connected sources confirm CVE-2018-12111 affects Canon PrintMe EFI webinterface, specifically the /wt3/mydocs.php URI. The vulnerability is a Cross-Site Scripting (XSS) flaw where an attacker can inject arbitrary script/HTML via PATH_INFO, enabling code execution in the context of th...