13 matches found
CVE-2025-7407
A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument hostname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
CVE-2025-7407
Netgear D6400 1.0.0.114 contains a remote OS command injection in the diag.cgi file, exploitable via manipulation of the host_name argument. This affects the Netgear D6400 router and is confirmed across multiple sources; exploitation is publicly disclosed and is possible remotely. The vendor note...
NETGEAR D6400 Security Vulnerability
The Netgear D6400 is a wireless modem from NETGEAR. A remote command execution vulnerability exists in the Netgear D6400, which can be exploited by an attacker to execute arbitrary commands on the system...
SUSE CVE-2017-11455
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allows remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CS...
Pulse Connect Secure and Pulse Policy Secure Cross-Site Request Forgery Vulnerabilities
Pulse Connect Secure and Pulse Policy Secure are both products of Pulse Secure, Inc. Pulse Connect Secure is an SSL VPN solution. Pulse Policy Secure is a NAC and BYOD solution. A cross-site request forgery vulnerability exists in the diag.cgi file in Pulse Connect Secure and Pulse Policy Secure,...
CVE-2017-11455
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allows remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CS...
PT-2017-12023 · Pulse · Pulse Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 8.2R1 through 8.2R5 Pulse Connect Secure versions 8.1R1 through 8.1R10 Pulse Policy Secure versions 5.3R1 through 5.3R5 Pulse Policy Secure versions 5.2R1 through 5.2R8 Pulse Policy Secure versions 5.1R1 through...
Pulse Connect Secure 'diag.cgi' Cross-Site Request Forgery Vulnerability
Pulse Connect Secure (PCS), formerly known as Juniper Junos Pulse, is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A cross-site request forgery vulnerability exists in the diag.cgi file in PCS version 8.3R1, which stems from the program's failure to implement cross-site...
Cross-site request forgery (CSRF)
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these comman...
CVE-2017-11193
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these comman...
CVE-2017-11193
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these comman...
CVE-2017-11193
Pulse Connect Secure 8.3R1 is affected by a CSRF vulnerability in diag.cgi. The diag.cgi panel can execute commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe, and these functions lack CSRF protections. An attacker can entice an administrator to visit a malicious p...
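Netgear D6300B Router Multiple Security Vulnerabilities
BUGTRAQ ID: 65703 Netgear D6300B is a wireless router product from Netgear, a US company. The Netgear D6300B router contains the following security vulnerabilities: 1. an unauthorized access vulnerability, 2. a command injection vulnerability, 3. an information disclosure vulnerability. Attackers can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary commands in the context of the affected device, and perform unauthorized actions. Netgear D6300B version 1.0.0.141.0.14 is vulnerable; other versions may also be affected. 0 etgear D6300B The vendor has not yet provided a patch or upgrade; we recommend that users of this software follow the vendor's homepage to obtain the latest version:...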