Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fixed the UB in overflowallocationtest. The 'devicename' array does not exist outside the 'overflowallocationtest' function scope. However, it is used as a driver name when calling 'kunitdrivercreate' from...

EUVD-2018-2175

Malware in sbrugna...

EUVD-2020-27991

Malware in sbrugna...

EUVD-2014-6495

Malware in sbrugna...

CVE-2020-6848

Axper Vision II 4 devices allow XSS via the DEVICENAME aka Device Name parameter to the configWebParams.cgi URI...

TOTOLINK AC1200 T8 Buffer Overflow Vulnerability

The TOTOLINK AC1200 T8 is a dual-band full gigabit router. The TOTOLINK AC1200 T8 suffers from a buffer overflow vulnerability that originates from the devicename parameter in the setWiFiMeshName method of the /cgi-bin/cstecgi.cgi page contains a buffer overflow vulnerability. No detailed...

TOTOLINK AC1200 安全漏洞

The TOTOLINK AC1200 T8 is a dual-band full gigabit router. The TOTOLINK AC1200 T8 suffers from a buffer overflow vulnerability that originates from the devicename parameter in the setWiFiMeshName method of the /cgi-bin/cstecgi.cgi page contains a buffer overflow vulnerability. No detailed...

CVE-2020-6848

Axper Vision II 4 devices allow XSS via the DEVICENAME aka Device Name parameter to the configWebParams.cgi URI...

Design/Logic Flaw

Axper Vision II 4 devices allow XSS via the DEVICENAME aka Device Name parameter to the configWebParams.cgi URI...

CVE-2018-10096

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

Cross site request forgery (csrf)

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

CVE-2018-10096

joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...

CVE-2018-10096

Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability exploitable through the device_name parameter in manager/admin_ajax.php?action=save flag=add. The root cause is likely inadequate input sanitization of device_name, allowing injected scripts to be reflected in the applica...

QuickHeal 16.00 - webssx.sys Driver Denial of Service

QuickHeal 16.00 - webssx.sys Driver Denial of Service Exploit Title: QuickHeal webssx.sys driver DOS vulnerability Date: 19/02/2016 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.quickheal.co.in/ Version: 16.00 Tested on: Win7x86, Win7x64 CVE : CVE-2015-8285 from ctypes import from...

CVE-2014-6616

CVE-2014-6616 is an XSS flaw in Softing FG-100 PROFIBUS Single Channel (FG-100-PB) firmware FG-x00-PB_V2.02.0.00. The web GUI fails to properly encode user data, allowing an attacker to inject arbitrary script via the DEVICE_NAME parameter to /cgi-bin/CFGhttp. Impact: remote script execution with...