PT-2026-21758
Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...
TOTOLINK X2000R Buffer Error Vulnerability
TOTOLINK X2000R Gh is a WiFi 6 router from China's Gion Electronics TOTOLINK, which supports Gigabit network and Easy Mesh features with multi-device connectivity and wireless expansion. The TOTOLINK X2000R Gh suffers from a buffer overflow vulnerability that stems from the formParentControl metho...
Assmann Electronic DIGITUS DA-70254 4-Port Gigabit Network Hub Input Validation Error Vulnerability
The Assmann Electronic DIGITUS DA-70254 4-Port Gigabit Network Hub is a Gigabit network hub from Assmann Electronic, Germany. An input validation error vulnerability exists in Assmann Electronic DIGITUS DA-70254 4-Port Gigabit Network Hub version 2.073.000.E0008. The vulnerability arises from the...
CVE-2020-15060
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name...
CVE-2020-15065
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values...
CVE-2020-15058
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic...
Cross site scripting
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name...
Cross site scripting
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name...
CVE-2020-15064
The CVE-2020-15064 entry concerns the DIGITUS DA-70254 4-Port Gigabit Network Hub (firmware 2.073.000.E0008). Multiple connected sources confirm a stored XSS vulnerability in the web UI: an attacker on the same network can leverage administrative privileges to set a crafted server name, triggerin...
CVE-2020-15060
The Lindy 42633 4-Port USB 2.0 Gigabit Network Server (firmware 2.078.000) has a persistent cross-site scripting (XSS) vulnerability. An attacker on the same network can exploit it by leveraging administrative privileges to set a crafted server name, enabling persistent XSS. The root cause is rel...
CVE-2020-15059
The CVE-2020-15059 entry concerns Lindy 42633 4-Port USB 2.0 Gigabit Network Server (firmware 2.078.000). The vulnerability enables authentication bypass via a web administration request that omits a password parameter, allowing an attacker on the same network to access privileged functions. Affe...
CVE-2020-15059
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter...
5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws
Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON routers, at least 5 botnet families have been found exploiting the flaws to build an army of a million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have...
Cisco Intrusion Prevention System Jumbo Frame Denial of Service (cisco-sa-20080618-ips)
According to its self-reported version, the version of the Cisco Intrusion Prevention System Software running on the remote host may be vulnerable to a denial of service (DoS) attack caused by a kernel panic. This is due to the handling of jumbo Ethernet frames when gigabit network interfaces are...
Mandrake Security Advisory MDVSA-2009:118 (kernel)
The remote host is missing an update to the kernel announced via advisory MDVSA-2009:118. OpenVAS Vulnerability Test $Id: mdksa2009118.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:118 kernel Authors: Thomas Reinke Copyright: Copyright c 2009 E-Sof...
Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo Frame Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Intrusion Prevention System Jumbo Frame Denial of Service Advisory ID: cisco-sa-20080618-ips Revision 1.0 For Public Release 2008 June 18 1600 UTC GMT +--------------------------------------------------------------------...
CVE-2006-3596
The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.11 through 5.1p1, as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a...