18 matches found
CVE-2020-19660
Cross Site Scripting XSS pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values...
CVE-2019-19660
A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html...
CVE-2023-34284
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2023-34284
CVE-2023-34284 affects NETGEAR RAX30 routers. The vulnerability is caused by a hard-coded user account in the system configuration that can be used to access the CLI service as a low-privileged user, allowing network-adjacent attackers to bypass authentication without any user interaction. The is...
CVE-2023-34284 NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2023-34284 NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
Moxa NPort W2x50A Authenticated OS Command Injection in Web Server WLAN Profile Properties Functionality (CVE-2018-19660)
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user...
CVE-2020-19660
Cross Site Scripting XSS pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values...
CVE-2020-19660
Cross Site Scripting XSS pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values...
CVE-2020-19660
Cross Site Scripting XSS pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values...
CVE-2020-19660
CVE-2020-19660: XSS in pandao/editor.md 1.5.0 due to unsafe handling of linked URL values in editor.md’s HTML filtering path (filterHTMLTags). Exploitation status not publicly detailed in the provided sources; CVSS indicates network attack vector, low attack complexity, no privileges required, us...
CVE-2019-19660
A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html...
CVE-2019-19660
The CVE-2019-19660 entry concerns a CSRF vulnerability in the Web File Manager’s Network Settings of Rumpus FTP Server 8.2.9.1. The issue allows an attacker to manipulate settings such as the SMTP value and other network parameters via RAPR/NetworkSettingsSet.html. Affected component is the Web...
CVE-2018-19660
CVE-2018-19660 affects Moxa NPort W2x50A devices with firmware prior to 2.2 Build_18082311. The vulnerability resides in the web server functionality and stems from an authenticated OS command injection via a specially crafted HTTP POST to /goform/webSettingProfileSecurity, potentially allowing r...
Moxa NPort W2x50A 2.1 OS Command Injection Vulnerability
Moxa NPort W2x50A products with firmware version 2.1 Build17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities...
Moxa NPort W2x50A 2.1 OS Command Injection
Moxa NPort W2x50A products with firmware version 2.1 Build17112017 or lower are vulnerable to several authenticated OS Command Injection vulnerabilities: 1. Authenticated OS Command Injection in web server ping functionality. Reserved CVE ID: CVE-2018-19659. A specially crafted HTTP POST request to...
MaxDB WebDBM Database Parameter Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'MaxDB WebDBM...
MySQL MaxDB WebDBM database name buffer overflow
Added: 09/06/2006 CVE: CVE-2006-4305 BID: 19660 OSVDB: 28300 Background MaxDB is a SAP-certified open-source database developed by MySQL. Problem A buffer overflow in MaxDB allows remote attackers to execute arbitrary commands by sending a long database name from a WebDBM client. Resolution Upgra...