37 matches found
d1.com.br Cross Site Scripting vulnerability OBB-3457428
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the DSL-320B-D1 router’s microprogramming software lies in the fact that the operation results are stored outside the buffer in memory, allowing an intruder to gain unauthorized access to the device with the user’s login credentials (login.xgi).
The vulnerability of the microprogrammed operating system of the DSL-320B-D1 router lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to the device with user login...
D-Link DSL-320B-D1 Pre-Authentication Buffer Overflow Vulnerability
The D-Link DSL-320B-D1 ADSL modem suffers from multiple pre-authentication stack buffer overflow vulnerabilities. Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem ======== ========================================= 0. Overview 1. Details 2. Solution 3. Disclosure Timeline 4...
CVE-2021-26709
D-Link DSL-320B-D1 devices through EU1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Stack overflow
UNSUPPORTED WHEN ASSIGNED D-Link DSL-320B-D1 devices through EU1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer...
CVE-2021-26709
D-Link DSL-320B-D1 devices through EU1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2021-26709
The CVE-2021-26709 entry concerns D-Link DSL-320B-D1 devices (EU_1.25 and earlier) with a stack-based buffer overflow in the device firmware that allows unauthenticated remote attackers to takeover the device via login.xgi. Affected product: D-Link DSL-320B-D1; vulnerability type: multiple pre-au...
D-Link DSL-320B-D1 缓冲区错误漏洞
The D-Link DSL?320B is an Ethernet modem from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in the D-Link DSL-320B-D1 device EU1.25 version and earlier versions, which allows an unauthenticated, remote attacker to take over the device via login...
PT-2021-2654 · D Link · D-Link Dsl-320B-D1
Name of the Vulnerable Software and Affected Versions: D-Link DSL-320B-D1 devices through EU 1.25 Description: The issue is related to a buffer overflow in the device's firmware, allowing a remote attacker to gain unauthorized access to the device with user login.xgi privileges. The vulnerability...
microcode_ctl security, bug fix and enhancement update
3:1.17-33.26.0.1 - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe except BDW-79 - set earlymicrocode='no' in virtualized guests to avoid early load...
SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:2957-1)
This update for ucode-intel fixes the following issues : Updated to 20191112 security release bsc1155988 - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old-New - ---- new platforms ---------------------------------------- - CML-U62 A0 6-a6-0/80 000000c6 Core Gen10 Mobile - CNL...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to 1 resultofgetchangedstatus.asp or 2 errorpage.htm...
CVE-2015-1437
Multiple cross-site scripting XSS vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to 1 resultofgetchangedstatus.asp or 2 errorpage.htm...
CVE-2013-6786
Cross-site scripting XSS vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitra...
CVE-2013-6786
CVE-2013-6786 is an XSS vulnerability in Allegro RomPager prior to 4.51 used on ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D‑Link DSL-2640R/2641R. The flaw arises when the forbidden author header protection is bypassed, allowing remote attackers to inject arbitrary web sc...
CVE-2008-6297
Cross-site scripting XSS vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the 1 domain and 2 d1 parameters...
CVE-2006-5378
Technical details about CVE-2006-5378 are not publicly available in the provided documents. The records describe an unspecified vulnerability with unknown impact. Monitor for updates; no file/version specifics or remediation are provided here.