9794 matches found
Dlink DSL2750U - (Reboot) Command Injection Exploit
Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...
Security update for htmldoc (important)
openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...
Synology Media Server Code Issue Vulnerability
Synology Media Server provides multimedia services for browsing and playing multimedia contents in Synology NAS via DLNA/UPnP home devices. A server-side request forgery vulnerability exists in the cgi component of Synology Media Server versions prior to 1.8.3-2881. A remote attacker can exploit...
Security update for htmldoc (important)
openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0893-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...
IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE
This module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user. Module Options msf use exploit/linux/http/ipfirepakfireexec msf...
CVE-2021-31249
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components...
Injection Vulnerability in Multiple Chiyu Products
The CHIYU BF-430 and related products are networking servers from Chiyu Technology Inc. of Taiwan, China, that provide communication for access control, time and attendance systems, and other devices. A security vulnerability exists in CHIYU Technology Inc's BF-430, BF-431, and BF-450M TCP/IP...
VulnCheck KEV: CVE-2020-25494
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...
CHIYU IoT Devices - Denial of Service (DoS)
Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' in cgi component in Synology DiskStation Manager DSM before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors...
CVE-2021-33180
Synology Media Server, in the cgi component, is affected by CVE-2021-33180 (pre-1.8.1-2876) due to improper neutralization of input in an SQL command, allowing remote attackers to execute arbitrary SQL via unspecified vectors. Public details consistently cite a SQL injection vulnerability with re...
CHIYU TCP/IP Converter devices - CRLF injection Vulnerability
Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter devices - all firmware...
CHIYU TCP/IP Converter CRLF Injection
Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...
CHIYU TCP/IP Converter devices - CRLF injection
Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...
CVE-2021-20209
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured...
Memory corruption
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured...