25 matches found
CVE-2026-25073
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25070
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
EUVD-2026-10093
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
CVE-2026-25073
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073 XikeStor SKS8310-8X Stored XSS via System Name
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25073 XikeStor SKS8310-8X Stored XSS via System Name
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary script content through the System Name field. Attackers can inject malicious scripts that execute in a victim's brows...
CVE-2026-25071
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
CVE-2026-25070 XikeStor SKS8310-8X PingTestSet Command Injection
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers can inject malicious commands through th...
EUVD-2010-4929
Malware in sbrugna...
EUVD-2015-2161
Malware in sbrugna...
CVE-2010-4964
recordertest.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability...
CVE-2015-2048
Cross-site request forgery CSRF vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2024-45372
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc...
CVE-2024-22651
There is a command injection vulnerability in the ssdpcgimain function of cgibin binary in D-Link DIR-815 router firmware v1.04...
PT-2024-19522 · D Link · D-Link Dir-815
Name of the Vulnerable Software and Affected Versions: D-Link DIR-815 router firmware version 1.04 Description: There is a command injection issue in the ssdpcgi main function of the cgibin binary. This affects the D-Link DIR-815 router firmware. Recommendations: For D-Link DIR-815 router firmwar...
Unrestricted file upload
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension...
CVE-2015-2049
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension...
CVE-2010-4965
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...
Hardcoded credentials
/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server...
CVE-2010-4964
recordertest.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability...