766 matches found
CVE-2017-16564
Stored cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field P148...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
CVE-2017-16563
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...
FiberHome Directory Traversal
Vulnerability Summary: The following advisory describes a directory traversal vulnerability found in FiberHome routers. FiberHome Technologies Group “was established in 1974. After continuous and intensive development for over 40 years, its business has been extended to R&D, manufacturing, marketi...
CVE-2017-11350
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices...
Catalog Traversal Vulnerability in Multiple Peplink Balance Products
Peplink Balance 305 and others are multi-exit load balancing routers for medium-sized businesses. A directory traversal vulnerability exists in several Peplink Balance products using firmware versions prior to fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. An attacker can exploit this...
CVE-2017-8838
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi...
CVE-2017-8838
CVE-2017-8838 affects Peplink Balance routers (models 305, 380, 580, 710, 1350, 2500) with firmware prior to fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The issue is a cross-site scripting (XSS) vulnerability in the web interface, triggered via the syncid parameter in the CGI sc...
UBUNTU-CVE-2015-8010
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...
CVE-2017-6526
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests)...
CVE-2016-6277
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow...
PT-2016-3443 · NetGear · Netgear R6250 +9
Name of the Vulnerable Software and Affected Versions: NETGEAR R6250 versions 1.0.4.6.Beta and earlier; NETGEAR R6400 versions 1.0.1.18.Beta and earlier; NETGEAR R6700 versions 1.0.1.14.Beta and earlier; NETGEAR R6900 affected versions not specified; NETGEAR R7000 versions 1.0.7.6.Beta and earlier...
PT-2016-6697 · NetGear · R6400 +11
Name of the Vulnerable Software and Affected Versions: NETGEAR R6250 versions 1.0.0 through 1.0.4.6.Beta; NETGEAR R6400 versions 1.0.0 through 1.0.1.18.Beta; NETGEAR R6700 versions 1.0.0 through 1.0.1.14.Beta; NETGEAR R6900 version 1.0.0; NETGEAR R7000 versions 1.0.0 through 1.0.7.6.Beta; NETGEAR...
NETGEAR JNR1010 ADSL Router - (Authenticated) Remote File Disclosure
NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure #!/bin/sh NETGEAR ADSL ROUTER JNR1010 1.0.0.16 Authenticated Remote File Disclosure Hardware Version: JNR1010 Firmware Version: 1.0.0.16 GUI Language Version: 1.0.0.16 Copyright 2016 (c) Todor Donev https://www.ethical-hacker.org/...
Unauthorized Information Disclosure Vulnerability in AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. Its main products are surveillance equipment, network cameras, network video recorders and so on. An unauthorized information disclosure vulnerability exists in AVTECH devices. Because the cgi-bin/ directory is not set with...
CVE-2016-6840
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLoginCgiEntry and possibly other unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLoginCgiEntry and possibly other unspecified vectors...
Command injection
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
Honeywell IP-Camera Detection
Detects the installed version of Honeywell IP-Cameras. This script sends an HTTP GET request and tries to ensure the presence of Honeywell IP-Cameras. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respecti...