54 matches found
Command injection
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
CVE-2017-16254
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP...
CVE-2018-3949
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...
CVE-2018-3949
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...
Denial of service
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...
Insteon Hub Buffer Overflow Vulnerability (CNVD-2018-16501)
The Insteon Hub is an Insteon central controller product from Insteon USA. This product can remotely control light bulbs, wall switches, air conditioners and more in your home. A buffer overflow vulnerability exists in the PubNub 'ad' channel message handler in the Insteon Hub using firmware...
Insteon Hub Buffer Overflow Vulnerability (CNVD-2018-14860)
The Insteon Hub is an Insteon central controller product from Insteon USA. This product can remotely control light bulbs, wall switches, air conditioners and more in your home. A buffer overflow vulnerability exists in the Insteon Hub using firmware version 1012. An attacker could exploit the...
Insteon Hub Buffer Overflow Vulnerability
The Insteon Hub is an Insteon central controller product from Insteon USA. This product can remotely control light bulbs, wall switches, air conditioners and more in your home. A buffer overflow vulnerability exists in the Insteon Hub using firmware version 1012. An attacker could exploit the...
PT-2018-6268 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, at memory address 0x9d01bb1c, the value for the uri key is copied using strcpy to a buffer at...
PT-2018-6271 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, the value for the s vol dim delta key is copied using strcpy to a buffer at address 0xa000051...
PT-2018-6273 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: An attacker could send an authenticated HTTP request to trigger this issue in Insteon Hub. The value for the s url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, an...
Command Execution Vulnerability in the pelco Sarix Enhanced Dot1xSetupController.php File
pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is caused due to the program failing to properly perform validity checks when processing user-submitted data, allowing an attacker who has been...
CVE-2010-3659
Multiple cross-site scripting XSS vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified...
CVE-2017-12853
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated...