23 matches found
70mai 1S security vulnerability
70mai 1S is a smart recorder from 70mai, a Chinese company. A security vulnerability exists in 70mai 1S 20250611 and earlier versions, which stems from improper authorization due to misuse of the file /cgi-bin/Config.cgi?action=set...
PT-2024-6464 · D Link · D-Link Dns-321 +16
Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814...
PT-2023-9103 · Peplink · Peplink Smart Reader
Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality. A specially crafted HTTP request can lead to configuration modification. An attacker can make...
CVE-2018-19191
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter...
Code injection
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter...
CVE-2018-19191
Vulnerability (CVE-2018-19191): Webmin 1.890 is vulnerable to a cross-site scripting (XSS) flaw. The flaw allows an unauthenticated, remote attacker to trigger arbitrary script execution in a user’s browser by getting a user to click a specially crafted URL. Affected parameters include /config.cg...
Buffer overflow
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers paramete...
Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service
source: https://www.securityfocus.com/bid/64363/info Icinga is prone to multiple memory-corruption vulnerabilities due to an off-by-one condition. Attackers may exploit these issues to gain access to sensitive information or crash the affected application, denying service to legitimate users...
AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ AVTECH DVR multiple vulnerabilities 1. Advisory Information Title: AVTECH DVR multiple vulnerabilities Advisory ID: CORE-2013-0726 Advisory URL:...
AVTECH DVR Buffer Overflow / CAPTCHA Bypass
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ AVTECH DVR multiple vulnerabilities 1. Advisory Information Title: AVTECH DVR multiple vulnerabilities Advisory ID: CORE-2013-0726 Advisory URL: http://www.coresecurity.com/advisories/avtech-dvr-multiple-vulnerabilities Date...
Medium: nagios
Issue Overview: Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action. Affected...
CVE-2011-2477
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a...
CVE-2011-2179
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action...
CVE-2011-2477
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action...
CVE-2011-2477
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a...
CVE-2011-2179
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action...
CVE-2011-2477
CVE-2011-2477 describes multiple XSS vulnerabilities in config.c/config.cgi in Nagios/Icinga before 1.4.1 when escape_html_tags is disabled. The issue enables remote injection of script/HTML via inputs affecting the web interface (e.g., an expanded parameter or onload behavior in a BODY tag after...
CVE-2011-2477
Removed by vendor...