Lucene search
+L

37 matches found

openbugbounty
openbugbounty
added 2023/06/22 10:14 a.m.8 views

d1.com.br Cross Site Scripting vulnerability OBB-3457428

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
bdu_fstec
bdu_fstec
added 2021/04/21 12:0 a.m.6 views

The vulnerability of the DSL-320B-D1 router’s microprogramming software lies in the fact that the operation results are stored outside the buffer in memory, allowing an intruder to gain unauthorized access to the device with the user’s login credentials (login.xgi).

The vulnerability of the microprogrammed operating system of the DSL-320B-D1 router lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to the device with user login...

10CVSS7.9AI score0.40081EPSS
Exploits3References7
zdt
zdt
added 2021/04/08 12:0 a.m.61 views

D-Link DSL-320B-D1 Pre-Authentication Buffer Overflow Vulnerability

The D-Link DSL-320B-D1 ADSL modem suffers from multiple pre-authentication stack buffer overflow vulnerabilities. Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem ======== ========================================= 0. Overview 1. Details 2. Solution 3. Disclosure Timeline 4...

10CVSS0.1AI score0.40081EPSS
Exploits3
osv
osv
added 2021/04/07 11:15 a.m.4 views

CVE-2021-26709

D-Link DSL-320B-D1 devices through EU1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

9.8CVSS7.4AI score0.40081EPSS
Exploits3References4
prion
prion
added 2021/04/07 11:15 a.m.25 views

Stack overflow

UNSUPPORTED WHEN ASSIGNED D-Link DSL-320B-D1 devices through EU1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer...

10CVSS9.4AI score0.40081EPSS
Exploits3References4Affected Software1
cvelist
cvelist
added 2021/04/07 10:45 a.m.20 views

CVE-2021-26709

D-Link DSL-320B-D1 devices through EU1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

9.7AI score0.40081EPSS
Exploits3References4
cve
cve
added 2021/04/07 10:45 a.m.79 views

CVE-2021-26709

The CVE-2021-26709 entry concerns D-Link DSL-320B-D1 devices (EU_1.25 and earlier) with a stack-based buffer overflow in the device firmware that allows unauthenticated remote attackers to takeover the device via login.xgi. Affected product: D-Link DSL-320B-D1; vulnerability type: multiple pre-au...

10CVSS9.5AI score0.40081EPSS
Exploits3References4Affected Software1
cnnvd
cnnvd
added 2021/04/07 12:0 a.m.6 views

D-Link DSL-320B-D1 缓冲区错误漏洞

The D-Link DSL?320B is an Ethernet modem from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in the D-Link DSL-320B-D1 device EU1.25 version and earlier versions, which allows an unauthenticated, remote attacker to take over the device via login...

10CVSS6AI score0.40081EPSS
Exploits3References6
ptsecurity
ptsecurity
added 2021/03/07 12:0 a.m.23 views

PT-2021-2654 · D Link · D-Link Dsl-320B-D1

Name of the Vulnerable Software and Affected Versions: D-Link DSL-320B-D1 devices through EU 1.25 Description: The issue is related to a buffer overflow in the device's firmware, allowing a remote attacker to gain unauthorized access to the device with user login.xgi privileges. The vulnerability...

10CVSS8.1AI score0.40081EPSS
Exploits3References10
oraclelinux
oraclelinux
added 2020/06/18 12:0 a.m.67 views

microcode_ctl security, bug fix and enhancement update

3:1.17-33.26.0.1 - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe except BDW-79 - set earlymicrocode='no' in virtualized guests to avoid early load...

5.5CVSS0.9AI score0.00587EPSS
Exploits0
nessus
nessus
added 2019/11/13 12:0 a.m.42 views

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2957-1)

This update for ucode-intel fixes the following issues : Updated to 20191112 security release bsc1155988 - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old-New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL...

6.5CVSS7.3AI score0.03133EPSS
Exploits0References8
prion
prion
added 2015/02/04 4:59 p.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to 1 resultofgetchangedstatus.asp or 2 errorpage.htm...

4.3CVSS6.1AI score0.02146EPSS
Exploits1References7Affected Software1
cvelist
cvelist
added 2015/02/04 4:0 p.m.27 views

CVE-2015-1437

Multiple cross-site scripting XSS vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to 1 resultofgetchangedstatus.asp or 2 errorpage.htm...

5.8AI score0.02146EPSS
Exploits1References7
nvd
nvd
added 2014/01/16 7:55 p.m.29 views

CVE-2013-6786

Cross-site scripting XSS vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitra...

4.3CVSS5.6AI score0.02172EPSS
Exploits1References3
cve
cve
added 2014/01/16 7:0 p.m.199 views

CVE-2013-6786

CVE-2013-6786 is an XSS vulnerability in Allegro RomPager prior to 4.51 used on ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D‑Link DSL-2640R/2641R. The flaw arises when the forbidden author header protection is bypassed, allowing remote attackers to inject arbitrary web sc...

4.3CVSS7.6AI score0.02172EPSS
Exploits1References3Affected Software7
cvelist
cvelist
added 2009/02/26 4:0 p.m.23 views

CVE-2008-6297

Cross-site scripting XSS vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the 1 domain and 2 d1 parameters...

5.7AI score0.01458EPSS
Exploits1References4
cve
cve
added 2006/10/18 1:0 a.m.49 views

CVE-2006-5378

Technical details about CVE-2006-5378 are not publicly available in the provided documents. The records describe an unspecified vulnerability with unknown impact. Monitor for updates; no file/version specifics or remediation are provided here.

9CVSS6.7AI score0.02886EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder