
9793 matches found

OSV
added 2021/08/10 7:15 p.m. | 4 views

CVE-2021-28841

Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending a POST request to applycgi via an action pingtest without a pingipaddr key...

7.5 CVSS | 5.8 AI score | 0.00961 EPSS
Exploits: 0 | References: 1
CNNVD
added 2021/08/10 12:0 a.m. | 4 views

TRENDnet Multiple Products Code Issue Vulnerability

TRENDnet TEW-755AP and others are routers from TRENDnet, a US-based company. Several TRENDnet products are vulnerable to a null pointer dereference. A remote attacker could use the vulnerability to send POST requests to applycgi via the lang operation without a language key, resulting in a denial ...

7.5 CVSS | 5.7 AI score | 0.00961 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2021/07/30 12:0 a.m. | 375 views

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery

Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor: Panasonic Corporation | SANYO Electric Co., Ltd. Product web page: https://www.panasonic.com https://www.sanyo-av.com https://panasonic.net/sanyo/cs/index.html Affected version: Model: VCC-HD5600...

0.4 AI score
Exploits: 0
0day.today
added 2021/07/30 12:0 a.m. | 140 views

Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery Vulnerability

Panasonic Sanyo CCTV Network Camera version 2.03-0x allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. These actions can be exploited to perform authentication detriment and account password change with administrative privilege...

0.7 AI score
Exploits: 0
Zero Science Lab
added 2021/07/30 12:0 a.m. | 895 views

Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password

Summary SANYO network camera and network optional board with the latest H.264 compression technology provide the optimum surveillance applications with high quality real time moving image at low bandwidth. Simultaneous stream of H.264 and JPEG data and also COAX video out to provide flexible...

8.8 CVSS | 7.2 AI score | 0.00332 EPSS
Exploits: 1
NVD
added 2021/07/26 12:15 p.m. | 20 views

CVE-2021-35030

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting XSS attack via a crafted LLDP packet...

4.3 CVSS | 0.00268 EPSS
Exploits: 0 | References: 1
Prion
added 2021/07/26 12:15 p.m. | 18 views

Cross site scripting

A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting XSS attack via a crafted LLDP packet...

2.3 CVSS | 4.4 AI score | 0.00268 EPSS
Exploits: 0 | References: 1 | Affected Software: 12
CVE
added 2021/07/26 11:20 a.m. | 60 views

CVE-2021-35030

CVE-2021-35030 affects Zyxel GS1900-8 firmware v2.60: an authenticated, local user can trigger cross-site scripting via a crafted LLDP packet due to improper sanitization in the CGI program. Affected component: the CGI handling in GS1900-8; root cause: inadequate packet content sterilization. Imp...

4.3 CVSS | 4.4 AI score | 0.00268 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OpenVAS
added 2021/07/11 12:0 a.m. | 19 views

Fedora: Security Advisory for php (FEDORA-2021-d867b595d1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9 CVSS | 6 AI score | 0.01945 EPSS
Exploits: 2 | References: 2
Fedora
added 2021/07/09 1:3 a.m. | 31 views

[SECURITY] Fedora 34 Update: perl-Mojolicious-8.73-2.fc34

Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the...

1.1 AI score
Exploits: 0
Fedora
added 2021/07/08 12:58 a.m. | 32 views

[SECURITY] Fedora 34 Update: php-7.4.21-1.fc34

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.9 CVSS | 2.2 AI score | 0.01945 EPSS
Exploits: 2
OpenVAS
added 2021/07/07 12:0 a.m. | 30 views

Mongoose Web Server <= 6.8 Multiple Vulnerabilities

Mongoose Web Server is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

9.8 CVSS | 8.8 AI score | 0.31045 EPSS
Exploits: 13 | References: 8
Packet Storm
added 2021/07/06 12:0 a.m. | 185 views

Visual Tools DVR VX16 4.2.28.0 Command Injection

Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An unauthenticated remote attacker can...

0.3 AI score
Exploits: 0
0day.today
added 2021/07/06 12:0 a.m. | 88 views

Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated) Vulnerability

Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An unauthenticated remote attacker can inject arbitrary...

0.4 AI score
Exploits: 0
Exploit DB
added 2021/07/06 12:0 a.m. | 285 views

Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)

Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. CVE: CVE-2021-42071 Reference:...

10 CVSS | 9.7 AI score | 0.69882 EPSS
Exploits: 2
OpenVAS
added 2021/06/29 12:0 a.m. | 20 views

NETGEAR Smart Cloud Switch Command Injection Vulnerability (PSV-2021-0071)

Multiple NETGEAR Smart Cloud Switch devices are prone to an unauthenticated command injection vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

10 CVSS | 7.8 AI score | 0.08798 EPSS
Exploits: 2 | References: 2
CNVD
added 2021/06/22 12:0 a.m. | 8 views

Synology Media Server Server-Side Request Forgery Vulnerability

Synology Media Server provides multimedia services for browsing and playing multimedia contents in Synology NAS via DLNA/UPnP home devices. A server-side request forgery vulnerability exists in the cgi component of Synology Media Server versions prior to 1.8.3-2881. A remote attacker can exploit...

5.8 CVSS | 6.9 AI score | 0.01016 EPSS
Exploits: 0 | References: 1
Prion
added 2021/06/18 3:15 a.m. | 13 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors...

5 CVSS | 5.3 AI score | 0.01016 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2021/06/18 3:15 a.m. | 14 views

Privilege escalation

Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors...

6.5 CVSS | 8.6 AI score | 0.01369 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2021/06/18 12:0 a.m. | 57 views

Dlink DSL2750U - (Reboot) Command Injection Exploit

Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...

7.4 AI score
Exploits: 0