261 matches found
Meinberg LANTIME Web Interface Cross-site Scripting (CVE-2014-5417)
Cross-site scripting XSS vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2024-30572
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntpserver parameter...
CVE-2024-30572
CVE-2024-30572 affects Netgear R6850 firmware 1.1.0.88, where the ntp_server parameter is vulnerable to command injection, enabling arbitrary command execution. Root cause: inadequate validation/filtering of input fed to ntp_server. Impact per the CVSSv3.1 vector (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/...
TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy
A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...
The vulnerability of the sub_420AE0() function in Trendnet’s router software TEW-824DRU allows a hacker to execute arbitrary code.
The vulnerability of the sub420AE0 function in Trendnet’s router software TEW-824DRU is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the system.ntp.server parameter...
PT-2024-1406 · Trendnet · Trendnet Tew-824Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-824DRU version 1.04b01 Description: An issue in the TRENDnet TEW-824DRU allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub 420AE0 function. The attack can be launched remotel...
Rockwell Automation Stratix Denial of Service by Priming the Pump (CVE-2015-7705)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Network Time Protocol Remote Configuration Denial of Service (CVE-2015-7850)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Network Time Protocol ntpd saveconfig Directory Traversal (CVE-2015-7851)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
XenServer can't sync time from Windows domain controller
This article provides instruction to synchronize XenServer system time with Windows domain controller/NTP Server...
CVE-2023-3036
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...
Code injection
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...
CVE-2023-3036 Out of Bounds Slice index in cfnts leads to remote panic
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...
CVE-2023-3036 Out of Bounds Slice index in cfnts leads to remote panic
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...
CVE-2023-3036
CVE-2023-3036 affects github.com/cloudflare/cfnts prior to commit 783490b. The issue is an unchecked read in the NTP server implementation, enabling a remote attacker to trigger a panic by sending an NTSAuthenticator packet with an extension length longer than the packet contents. Affected: cfnts...
The vulnerability of D-Link DIR-825 router’s microprogramming software lies in the lack of measures to clean incoming data, allowing attackers to execute arbitrary commands.
The vulnerability of D-Link DIR-825 router’s microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created POST request, ntpsync.cgi, through the ntpserver...
Virtuozzo Hybrid Infrastructure 5.4 Update 2 (5.4.2-58)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute services, core and object storage, integrations, monitoring and alerts. Additionally, this release delivers stability improvements and addresses issues found in previous releases. Vulnerabilit...
CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...
Command injection
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...
CVE-2023-2573 Authenticated Command Injection
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...