Lucene search
+L

261 matches found

nessus
nessus
added 2024/05/02 12:0 a.m.18 views

Meinberg LANTIME Web Interface Cross-site Scripting (CVE-2014-5417)

Cross-site scripting XSS vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

7.5CVSS5.5AI score0.01849EPSS
Exploits0References4
osv
osv
added 2024/04/03 1:16 p.m.3 views

CVE-2024-30572

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntpserver parameter...

8CVSS5.8AI score0.01484EPSS
Exploits1References2
cve
cve
added 2024/04/03 12:0 a.m.68 views

CVE-2024-30572

CVE-2024-30572 affects Netgear R6850 firmware 1.1.0.88, where the ntp_server parameter is vulnerable to command injection, enabling arbitrary command execution. Root cause: inadequate validation/filtering of input fed to ntp_server. Impact per the CVSSv3.1 vector (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/...

8CVSS7.9AI score0.01484EPSS
Exploits1References2Affected Software1
thn
thn
added 2024/03/29 12:12 p.m.62 views

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...

7.5AI score
Exploits0
bdu_fstec
bdu_fstec
added 2024/01/31 12:0 a.m.6 views

The vulnerability of the sub_420AE0() function in Trendnet’s router software TEW-824DRU allows a hacker to execute arbitrary code.

The vulnerability of the sub420AE0 function in Trendnet’s router software TEW-824DRU is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the system.ntp.server parameter...

10CVSS7.7AI score0.00498EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2024/01/26 12:0 a.m.6 views

PT-2024-1406 · Trendnet · Trendnet Tew-824Dru

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-824DRU version 1.04b01 Description: An issue in the TRENDnet TEW-824DRU allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub 420AE0 function. The attack can be launched remotel...

10CVSS8.3AI score0.00498EPSS
Exploits1References8
nessus
nessus
added 2023/11/15 12:0 a.m.31 views

Rockwell Automation Stratix Denial of Service by Priming the Pump (CVE-2015-7705)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

9.8CVSS6.7AI score0.12351EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.23 views

Rockwell Automation Stratix Network Time Protocol Remote Configuration Denial of Service (CVE-2015-7850)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

6.5CVSS6.7AI score0.04973EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.18 views

Rockwell Automation Stratix Network Time Protocol ntpd saveconfig Directory Traversal (CVE-2015-7851)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

6.5CVSS7AI score0.03942EPSS
Exploits1References4
citrix
citrix
added 2023/09/15 12:0 a.m.9 views

XenServer can't sync time from Windows domain controller

This article provides instruction to synchronize XenServer system time with Windows domain controller/NTP Server...

7.1AI score
Exploits0
nvd
nvd
added 2023/06/14 12:15 p.m.23 views

CVE-2023-3036

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...

8.6CVSS8.5AI score0.02237EPSS
Exploits0References1
prion
prion
added 2023/06/14 12:15 p.m.21 views

Code injection

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...

5CVSS7.4AI score0.02237EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/06/14 11:8 a.m.8 views

CVE-2023-3036 Out of Bounds Slice index in cfnts leads to remote panic

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...

8.6CVSS6.8AI score0.02237EPSS
Exploits0References1
cvelist
cvelist
added 2023/06/14 11:8 a.m.33 views

CVE-2023-3036 Out of Bounds Slice index in cfnts leads to remote panic

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...

8.6CVSS8.6AI score0.02237EPSS
Exploits0References1
cve
cve
added 2023/06/14 11:8 a.m.46 views

CVE-2023-3036

CVE-2023-3036 affects github.com/cloudflare/cfnts prior to commit 783490b. The issue is an unchecked read in the NTP server implementation, enabling a remote attacker to trigger a panic by sending an NTSAuthenticator packet with an extension length longer than the packet contents. Affected: cfnts...

8.6CVSS7.6AI score0.02237EPSS
Exploits0References1Affected Software1
bdu_fstec
bdu_fstec
added 2023/05/29 12:0 a.m.10 views

The vulnerability of D-Link DIR-825 router’s microprogramming software lies in the lack of measures to clean incoming data, allowing attackers to execute arbitrary commands.

The vulnerability of D-Link DIR-825 router’s microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created POST request, ntpsync.cgi, through the ntpserver...

9CVSS8.2AI score0.23514EPSS
Exploits1References3Affected Software1
virtuozzo
virtuozzo
added 2023/05/10 12:0 a.m.17 views

Virtuozzo Hybrid Infrastructure 5.4 Update 2 (5.4.2-58)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute services, core and object storage, integrations, monitoring and alerts. Additionally, this release delivers stability improvements and addresses issues found in previous releases. Vulnerabilit...

7AI score
Exploits0
nvd
nvd
added 2023/05/08 1:15 p.m.33 views

CVE-2023-2573

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...

8.8CVSS8.7AI score0.04751EPSS
Exploits3References6
prion
prion
added 2023/05/08 1:15 p.m.18 views

Command injection

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...

6.5CVSS8.6AI score0.04751EPSS
Exploits3References6Affected Software3
vulnrichment
vulnrichment
added 2023/05/08 12:33 p.m.11 views

CVE-2023-2573 Authenticated Command Injection

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...

8.8CVSS8.7AI score0.04751EPSS
Exploits3References6
Rows per page
Query Builder