Dreambox WebControl 2.0.0 - Cross-Site Scripting

Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. id: CVE-2017-15287 info: name: Dreambox WebControl 2.0.0 - Cross-Site Scripting author:...

OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

EUVD-2015-4731

Malware in sbrugna...

EUVD-2008-3921

Malware in sbrugna...

EUVD-2011-4634

Malware in sbrugna...

EUVD-2017-6744

Malware in sbrugna...

EUVD-2022-43989

Malicious code in bioql PyPI...

EUVD-2022-46640

Malicious code in bioql PyPI...

CVE-2022-43644

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on T...

CVE-2022-43644

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on T...

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on T...

CVE-2022-43644

CVE-2022-43644 affects D-Link DIR-825 routers (version 1.0.9/EE). The vulnerability originates in the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. It stems from improper validation of a user-supplied string before it is used to execute a system call, allowing network-ad...

D-Link DIR-2150 <= 4.0.1 Multiple Vulnerabilities

D-Link DIR-2150 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2022-40720

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...

CVE-2022-40720

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...

CVE-2022-40720

The CVE-2022-40720 issue affects D-Link DIR-2150 routers (firmware 4.0.1) via the Dreambox xupnpd plugin, which listens on TCP port 4044. The root cause is improper validation of a user-supplied string before it is used in a system call, enabling network-adjacent attackers to execute arbitrary co...

PT-2022-26990 · D Link · D-Link Dir-825

Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 version 1.0.9/EE Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the Dreambox...

D-Link DIR-825/EE xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP por...

D-Link DIR-2150 xupnpd Dreambox Plugin Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP...