18 matches found
CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
EUVD-2026-39386
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
CVE-2026-1460
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
CVE-2026-1460
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...
EUVD-2026-5805
A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...
CVE-2025-29231
A stored cross-site scripting XSS vulnerability in the pagesave component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters...
EUVD-2025-203802
A stored cross-site scripting XSS vulnerability in the pagesave component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters...
CVE-2025-29231
The CVE-2025-29231 entry describes a stored XSS vulnerability in the Linksys E5600, specifically in the page_save component of firmware version V1.1.0.26. The issue allows an attacker to execute arbitrary scripts via crafted input in the hostname and domainName parameters. According to the publis...
CVE-2025-29231
A stored cross-site scripting XSS vulnerability in the pagesave component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters...
PT-2025-51737
Name of the Vulnerable Software and Affected Versions Linksys E5600 version V1.1.0.26 Description A stored cross-site scripting XSS issue exists in the page save component of the Linksys E5600. An attacker can inject a crafted payload into the hostname and domainName parameters, potentially leadi...
CVE-2023-45465
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings...
CVE-2023-27063
Tenda V15V1.0 V15.11.0.14152131901058 was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
Tenda W15E 安全漏洞
Tenda W15E is a wireless router from Tenda China. A security vulnerability exists in the Tenda W15E V1.0 V15.11.0.14 152131901058 version, which originates from the discovery of a contain you buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function...
Synology DNS Server Directory Traversal Vulnerability
Synology DNS Server is a DNS server solution from Synology. A directory traversal vulnerability exists in SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server versions prior to 2.2.1-3042. A remote attacker can exploit the vulnerability to write arbitrary files with the help of the...
CVE-2017-12074
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domainname parameter...
Kemp Virtual LoadMaster /progs/geoctrl/doadd fqdn stored cross-site scripting vulnerability
Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster /progs/geoctrl/doadd handles the fqdn parameter cross-site scripting vulnerability, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...
PT-2015-5024 · D Link · D-Link Dsl-2730B
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2730B router rev C1 with firmware GE 1.01 Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via several parameters, including the domainname parameter to "dnsProxy.cmd" DNS Proxy...