16 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-29792

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.01797 EPSS
Exploits 1 · References 2
CNNVD
added 2024/05/03 12:0 a.m. · 2 views

D-Link DIR-2150 security vulnerability

The D-Link DIR-2150 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-2150 that stems from an authentication bypass caused by an incorrect implementation of the LoginPassword authentication algorithm...

8.8 CVSS · 9 AI score · 0.01108 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2023/05/17 12:0 a.m. · 5 views

The vulnerability in the web management interface of the D-Link DIR-2640-US firmware allows a hacker to bypass security restrictions.

The vulnerability in the web management interface of the D-Link DIR-2640-US firmware is related to deficiencies in the authentication process when processing the LoginPassword parameter. Exploiting this vulnerability allows a malicious actor to bypass security restrictions by sending ...

6.5 CVSS · 6.5 AI score · 0.27449 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2022/12/22 12:0 a.m. · 3 views

PT-2022-6578 · D Link · D-Link Dir-2640

Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640 (affected versions not specified)

Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. The flaw exists within the web management interface, whic...

6.5 CVSS · 7 AI score · 0.27449 EPSS
Exploits 0 · References 7
Zero Day Initiative
added 2020/12/15 12:0 a.m. · 24 views

(0Day) D-Link DCS-960L HNAP LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from...

8.8 CVSS · 1.7 AI score
Exploits 0
Prion
added 2020/02/13 5:15 a.m. · 12 views

Stack overflow

A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint...

7.5 CVSS · 9.6 AI score · 0.01797 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2020/02/13 4:17 a.m. · 109 views

CVE-2020-8962

CVE-2020-8962 describes a stack-based buffer overflow in the D-Link DIR-842 REVC, caused by the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint (firmware v3.13B09 HOTFIX). The provided documents do not explicitly detail the impact beyond the overflow descriptio...

9.8 CVSS · 9.6 AI score · 0.01797 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2019/08/23 5:15 p.m. · 20 views

CVE-2019-15530

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 exploitable with Authentication via shell metacharacters in the LoginPassword field to Login...

9 CVSS · 9 AI score · 0.04263 EPSS
Exploits 1 · References 1
Prion
added 2019/08/23 5:15 p.m. · 13 views

Command injection

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 exploitable with Authentication via shell metacharacters in the LoginPassword field to Login...

9 CVSS · 8.9 AI score · 0.04263 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2019/08/23 4:3 p.m. · 24 views

CVE-2019-15530

An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 exploitable with Authentication via shell metacharacters in the LoginPassword field to Login...

9 AI score · 0.04263 EPSS
Exploits 1 · References 1
Openbugbounty
added 2017/11/30 2:53 a.m. · 15 views

eservice.gov.bd XSS vulnerability

Open Bug Bounty ID: OBB-442714

Description | Value
---|---
Affected Website: | eservice.gov.bd
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

6.4 AI score
Exploits 0
CVE
added 2017/11/20 6:0 p.m. · 53 views

CVE-2017-16902

Vonage VDV-23 115 devices running firmware 3.2.11-0.9.40 are affected by CVE-2017-16902. A long string in loginUsername or loginPassword sent to goform/login can trigger a crash and router reboot, effectively a denial-of-service. CNVD-2017-37697 corroborates the reboot via a long login field; 133...

7.8 CVSS · 7.4 AI score · 0.07999 EPSS
Exploits 2 · References 2 · Affected Software 1
Cvelist
added 2015/12/31 2:0 a.m. · 22 views

CVE-2015-6017

Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40AXH.0 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter...

6.4 AI score · 0.02139 EPSS
Exploits 0 · References 3
NVD
added 2008/01/08 2:46 a.m. · 10 views

CVE-2008-0097

Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server GSWSSHD 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message...

7.5 CVSS · 7.7 AI score · 0.02462 EPSS
Exploits 0 · References 4
Prion
added 2008/01/08 2:46 a.m. · 10 views

Format string

Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server GSWSSHD 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message...

7.5 CVSS · 8.2 AI score · 0.02462 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2008/01/08 2:0 a.m. · 16 views

CVE-2008-0097

Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server GSWSSHD 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message...

7.7 AI score · 0.02462 EPSS
Exploits 0 · References 4