9793 matches found
CVE-2021-28841
Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to applycgi via an action pingtest without a pingipaddr key...
TRENDnet 多款产品 代码问题漏洞
TRENDnet TEW-755AP and others are a router from Trendnet, a US-based company. Several Trendnet products are vulnerable to null pointer dereference. A remote attacker could use the vulnerability to send POST requests to applycgi via the lang operation without a language key, resulting in a denial ...
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
!-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor: Panasonic Corporation | SANYO Electric Co., Ltd. Product web page: https://www.panasonic.com https://www.sanyo-av.com https://panasonic.net/sanyo/cs/index.html Affected version: Model: VCC-HD5600...
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery Vulnerability
Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privilege...
Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password
Summary SANYO network camera and network optional board with the latest H.264 compression technology provide the optimum surveillance applications with high quality real time moving image at low bandwidth. Simultaneous stream of H.264 and JPEG data and also COAX video out to provide flexible...
CVE-2021-35030
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting XSS attack via a crafted LLDP packet...
Cross site scripting
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting XSS attack via a crafted LLDP packet...
CVE-2021-35030
CVE-2021-35030 affects Zyxel GS1900-8 firmware v2.60: an authenticated, local user can trigger cross-site scripting via a crafted LLDP packet due to improper sanitization in the CGI program. Affected component: the CGI handling in GS1900-8; root cause: inadequate packet content sterilization. Imp...
Fedora: Security Advisory for php (FEDORA-2021-d867b595d1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: perl-Mojolicious-8.73-2.fc34
Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...
[SECURITY] Fedora 34 Update: php-7.4.21-1.fc34
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Mongoose Web Server <= 6.8 Multiple Vulnerabilities
Mongoose Web Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Visual Tools DVR VX16 4.2.28.0 Command Injection
Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An unauthenticated remote attacker can...
Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated) Vulnerability
Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An unauthenticated remote attacker can inject arbitrary...
Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)
Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. CVE: CVE-2021-42071 Reference:...
NETGEAR Smart Cloud Switch Command Injection Vulnerability (PSV-2021-0071)
Multiple NETGEAR Smart Cloud Switch devices are prone to an unauthenticated command injection vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Synology Media Server Server-Side Request Forgery Vulnerability
Synology Media Server provides multimedia services for browsing and playing multimedia contents in Synology NAS via DLNA/UPnP home devices. A server-side request forgery vulnerability exists in the cgi component of Synology Media Server versions prior to 1.8.3-2881. A remote attacker can exploit...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors...
Privilege escalation
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors...
Dlink DSL2750U - (Reboot) Command Injection Exploit
Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...