14 matches found
CVE-2025-67073
The CVE-2025-67073 entry describes a buffer overflow in the httpd binary of Tenda AC10V4.0 (v16.03.10.20) in the function fromAdvSetMacMtuWan. A crafted POST payload targeting the field serviceName to /goform/AdvSetMacMtuWan can cause a denial of service and potentially code execution. Public sou...
EUVD-2021-20877
Malware in sbrugna...
CVE-2021-46678
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field...
Cross site scripting
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field...
CVE-2021-46678 Vulnerability XSS in service form name field
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field...
Artica Pandora FMS 跨站脚本漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS version 756 and earlier. An attacker can exploit this...
CVE-2021-46678
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field...
CVE-2021-34228
Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...
CVE-2021-34215
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...
Cross site scripting
Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...
CVE-2021-34215
Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...
TotoLink A3002RU 跨站脚本漏洞
TOTOLINK A3002RU is an AC1200 wireless dual-band gigabit router. tcpipwan.htm in TOTOLINK A3002R version 1.1.1-B20200824 is vulnerable to cross-site scripting. The vulnerability can be exploited to execute arbitrary JavaScript by modifying the "service name" field...
TotoLink A3002RU 跨站脚本漏洞
A cross-site scripting vulnerability exists in TOTOLINK A3002RU, a wireless router product from Taiwan-based TOTOLINK, which stems from the lack of validation of client-side data for the product's ability to modify the Description and Service Name fields. An attacker could execute client-side cod...
CVE-2017-8495
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with...