766 matches found
TP-Link TL-WVR and TL-WAR Arbitrary Command Execution Vulnerability
TP-Link TL-WVR and TL-WAR are both wireless router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link TL-WVR and TL-WAR. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending the admin/wportal command with shell metacharacter...
Meinberg LANTIME Web Arbitrary File Read Vulnerability
Meinberg LANTIME is an NTP time server from Meinberg, Germany. Web Configuration Utility is one of the web configuration utilities. A security vulnerability exists in the Web Configuration Utility in Meinberg LANTIME with firmware prior to version 6.24.004. A remote attacker can exploit the...
ITGuard-Manager 0.0.0.1 - Remote Code Execution
ITGuard-Manager 0.0.0.1 - Remote Code Execution Vulnerability Title: ITGuard-Manager V0.0.0.1 PreAuth Remote Code Execution Author: Nassim Asrir Contact: [email protected] / @asrirnassim CVE: Waiting ... CVSS:...
topmudsites.com XSS vulnerability
Open Bug Bounty ID: OBB-451845

Description| Value
---|---
Affected Website:| topmudsites.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat...
Command Injection Vulnerability in Multiple TP-Link Products
TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending an admin/diagnostic command with shell...
Command Injection Vulnerability in Multiple TP-Link Products (CNVD-2017-37953)
TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending the admin/bridge command with shell metacharacters...
Command Injection Vulnerability in Multiple TP-Link Products (CNVD-2017-37955)
TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited to execute arbitrary commands by sending the admin/interface command with shell metacharacters in the tbindif...
Command injection
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the tbindif field of an admin/interface command to cgi-bin/luci, related to the getdevicebyif function in /usr/lib/lua/luci/controller/admin/interface.lua in...
CVE-2017-16957
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zonegeteffectdevices function in...
CVE-2017-16960
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the tbindif field of an admin/interface command to cgi-bin/luci, related to the getdevicebyif function in /usr/lib/lua/luci/controller/admin/interface.lua in...
CVE-2017-16958
The CVE affects TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices. Affected component is the admin/bridge CGI in uhttpd, where shell metacharacters in the t_bindif field passed via the admin/bridge command to cgi-bin/luci can lead to remote command execution. Root cause is input constructed to trig...
CVE-2017-16958
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the tbindif field of an admin/bridge command to cgi-bin/luci, related to the getdevicebyif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd...
CVE-2017-16960
This entry (CVE-2017-16960) concerns TP-Link devices TL-WVR, TL-WAR, TL-ER, and TL-R where remote authenticated users can execute arbitrary commands via shell metacharacters in the t_bindif parameter sent to cgi-bin/luci, related to get_device_byif in /usr/lib/lua/luci/controller/admin/interface....
Directory traversal
Directory Traversal vulnerability in appdatacenter on Shenzhen Tenda Ac9 USAC9V1.0BRV15.03.05.14multiTD01, Ac9 ac9kfV15.03.05.196318cn, Ac15 USAC15V1.0BRV15.03.05.18multiTD01, Ac15 USAC15V1.0BRV15.03.05.19multiTD01, Ac18 USAC18V1.0BRV15.03.05.05multiTD01, and Ac18 ac18kfV15.03.05.196318cn devices...
CVE-2017-16923
The CVE-2017-16923 entry describes a Command Injection vulnerability in the app_data_center component of several Shenzhen Tenda router models (e.g., Ac9, Ac15, Ac18 variants). The underlying issue is that the function sub_A6E8 usbeject_process_entry executes a system function using untrusted inpu...
CVE-2017-16765
XSS exists on D-Link DWR-933 1.00WWB17 devices via cgi-bin/gui.cgi...
Cross site scripting
XSS exists on D-Link DWR-933 1.00WWB17 devices via cgi-bin/gui.cgi...
CVE-2017-16765
Affected product: D-Link DWR-933 portable wireless router (firmware version 1.00(WW)B17). Vulnerable component: the web management interface CGI, specifically cgi-bin/gui.cgi. Issue: cross-site scripting (XSS) vulnerability described as XSS exists on the DWR-933 via the GUI CGI. Root cause: not e...
CVE-2017-16765
XSS exists on D-Link DWR-933 1.00WWB17 devices via cgi-bin/gui.cgi...
petcabaret.com XSS vulnerability
Open Bug Bounty ID: OBB-401689

Description| Value
---|---
Affected Website:| petcabaret.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat...