Lucene search
+L

296 matches found

CNVD
CNVD
added 2019/09/09 12:0 a.m.3 views

D-link DIR-806 Stack Buffer Overflow Vulnerability

The Dlink DIR-806 is a wireless AC1200 dual-band router. A stack buffer overflow vulnerability exists in hnapmain in /htdocs/cgibin of the D-link DIR-806. The vulnerability can be exploited to run shellcode via a long HTTP header starting with "SOAPAction:...

10CVSS7.3AI score0.02289EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.6 views

The vulnerability of the Siveillance VMS software platform, related to access control deficiencies, allows a intruder to alter the device settings.

The vulnerability of the Siveillance VMS software platform relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to alter device settings using a web service...

8.8CVSS5.5AI score0.01667EPSS
Exploits0References2Affected Software5
VulnCheck KEV
VulnCheck KEV
added 2019/05/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-2051

D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface...

10CVSS7.7AI score0.97101EPSS
Exploits2References1
Kitploit
Kitploit
added 2019/03/24 8:32 p.m.161 views

Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...

7.2AI score
Exploits0References2
CNVD
CNVD
added 2018/12/04 12:0 a.m.4 views

i4 assistant cross-site scripting vulnerability

i4 assistant is a specialized management tool for Apple mobile devices from China for Aipu Information Technology Company. A cross-site scripting vulnerability exists in i4 assistant version 7.85. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via th...

6.1CVSS5.6AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/11/14 6:29 p.m.5 views

CVE-2018-9525

In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFICHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, wi...

7.8CVSS5.9AI score0.0018EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/07/27 12:0 a.m.10 views

The vulnerability of Canon’s microprogrammed software for printers stems from deficiencies in authentication procedures, allowing attackers to gain access to the device’s web interface with administrator privileges.

The vulnerability of Canon printer’s microprogramming software is related to deficiencies in the authentication process when using standard device settings. Exploiting this vulnerability can allow a malicious actor to gain access to the device’s web interface with administrator privileges...

10CVSS5.5AI score0.04574EPSS
Exploits4References3
OpenVAS
OpenVAS
added 2018/04/24 12:0 a.m.46 views

Sonos Speakers Information Disclosure Vulnerability (Apr 2018) - Active Check

Sonos speakers are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/a:sonos:...

7AI score
Exploits0References2
Citrix
Citrix
added 2018/03/29 12:0 a.m.7 views

How to restrict users to access device settings on Samsung devices in KIOSK mode

Restrict users to access device settings in Samsung KIOSK mode...

7AI score
Exploits0
n0where
n0where
added 2018/02/03 1:55 a.m.410 views

Software Defined Radio Attack Tool: RFCrack

RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...

0.9AI score
Exploits0References1
Prion
Prion
added 2018/01/29 5:29 a.m.15 views

Cross site request forgery (csrf)

An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery CSRF vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead...

6.8CVSS8.9AI score0.02712EPSS
Exploits5References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2018/01/23 12:0 a.m.5 views

VulnCheck KEV: CVE-2015-2052

Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface...

10CVSS6.4AI score0.05205EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2017/12/07 12:0 a.m.5 views

The vulnerability of the microprogrammed software of the BINOM3 Universal Multifunctional Electric Power Quality Meter lies in the lack of authentication, which allows attackers to gain access to the device’s settings.

The vulnerability of the microprogrammed software of the BINOM3 Universal Multifunctional Electric Power Quality Meter is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the device and perform arbitrary settin...

10CVSS5.6AI score0.1261EPSS
Exploits2References3
Cvelist
Cvelist
added 2017/11/06 8:0 a.m.20 views

CVE-2017-16563

Cross-Site Request Forgery CSRF in the Basic Settings screen on Vonage Grandstream HT802 devices allows attackers to modify settings, related to cgi-bin/update...

8AI score0.00437EPSS
Exploits1References1
seebug.org
seebug.org
added 2017/09/20 12:0 a.m.56 views

Moxa AWK-3131A Web Application Cross-Site Request Forgery Vulnerability(CVE-2016-8718)

Summary An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an...

6.8CVSS9.5AI score0.00536EPSS
Exploits2
OSV
OSV
added 2017/09/15 5:29 p.m.2 views

CVE-2017-10846

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors...

7.5CVSS5.8AI score0.01585EPSS
Exploits0References2
Prion
Prion
added 2017/09/15 5:29 p.m.12 views

Authentication flaw

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors...

5CVSS7.3AI score0.01585EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/09/15 5:0 p.m.21 views

CVE-2017-10846

Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors...

7.4AI score0.01585EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/07/04 4:59 a.m.4 views

MFC-J960DWN vulnerable to cross-site request forgery

Overview MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.5AI score0.00722EPSS
Exploits0References5
Vulnerability Lab
Vulnerability Lab
added 2016/05/02 12:0 a.m.29 views

WK UDID v1.0.1 iOS - Command Inject Vulnerability

Document Title: =============== WK UDID v1.0.1 iOS - Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1539 Release Date: ============= 2016-05-02 Vulnerability Laboratory ID VL-ID: ==================================== 1539...

7.1AI score
Exploits0
Rows per page
Query Builder