371 matches found
CVE-2023-34278 D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...
CVE-2023-34279
The CVE-2023-34279 entry maps to D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution. Affected component is the SOAP API interface (on TCP port 80) which fails to validate user-supplied input before executing a system call, enabling network-adjacent attackers to run c...
CVE-2023-34277
The CVE-2023-34277 issue affects the D-Link DIR-2150 router. A flaw in the SOAP API interface (default port 80) creates a command injection path by validating user input insufficiently before it is handed to a system call. This can allow network-adjacent attackers to execute arbitrary code with r...
CVE-2023-34277 D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...
CVE-2023-34276 D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...
CVE-2023-34275 D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the...
CVE-2023-34275
CVE-2023-34275 describes a remote code execution on the D-Link DIR-2150 router due to a flaw in the SOAP API interface that handles SetNTPServerSettings. The vulnerability stems from improper validation of a user-supplied string before it is used to perform a system call, allowing an attacker to ...
CVE-2023-34274 D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit thi...
CVE-2023-34274
CVE-2023-34274 concerns D-Link DIR-2150 routers. The issue is a flaw in the SOAP API interface (listening on TCP port 80) that allows a crafted login request to bypass authentication, enabling network-adjacent attackers to gain access without valid credentials. The root cause is an incorrect auth...
CVE-2024-33891
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute...
Delinea Secret Server Security Vulnerability
Delinea Secret Server is a powerful privileged access management (PAM) product from Delinea (USA), deployable in the cloud or on-premises. A security vulnerability exists in Delinea Secret Server versions prior to 11.7.000001. An attacker can exploit this vulnerability to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx...
CVE-2024-33891
CVE-2024-33891 (Delinea Secret Server): Affects Secret Server versions prior to 11.7.000001. The issue enables authentication bypass via the SOAP API at SecretServer/webservices/SSWebService.asmx, linked to a hardcoded key, the Admin user being represented as the integer 2, and removal of the oa...
IBM Security Verify Privilege Information Disclosure Vulnerability
IBM Security Verify Privilege is a solution from International Business Machines (IBM) that manages and protects user identities and privileges. An information disclosure vulnerability exists in IBM Security Verify Privilege, which can be exploited by an attacker to obtain sensitive information fro...
CVE-2024-31887
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651...