Lucene search
K

11 matches found

OSV
OSV
added 2019/09/05 2:15 p.m.4 views

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

6.1CVSS6.5AI score0.07253EPSS
Exploits5References4
Prion
Prion
added 2019/09/05 2:15 p.m.15 views

Cross site scripting

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

4.3CVSS6AI score0.07253EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2019/09/05 1:23 p.m.31 views

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

6.1AI score0.07253EPSS
Exploits5References4
exploitpack
exploitpack
added 2019/09/04 12:0 a.m.41 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit...

4.3CVSS6.2AI score0.07253EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/09/04 12:0 a.m.297 views

DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting

Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting XSS in DASAN Zhone ZNID GP...

6.4AI score0.07253EPSS
Exploits5
NVD
NVD
added 2017/10/17 4:29 p.m.18 views

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

9CVSS9.1AI score0.53364EPSS
Exploits4References4
Prion
Prion
added 2017/10/17 4:29 p.m.16 views

Code injection

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

9CVSS8.2AI score0.53364EPSS
Exploits4References4
Cvelist
Cvelist
added 2017/10/17 4:0 p.m.21 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

8.7AI score0.05441EPSS
Exploits4References4
CVE
CVE
added 2017/10/17 4:0 p.m.183 views

CVE-2014-9118

CVE-2014-9118 affects Zhone zNID GPON 2426A (and related 24xx/42xx/26xx/28xx series) prior to S3.0.501. The issue is a command-injection vulnerability in the web admin portal: remote attackers can execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Root cau...

9CVSS9AI score0.53364EPSS
In wildExploits4References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/10/17 12:0 a.m.25 views

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9CVSS9AI score0.53364EPSS
In wildExploits4References5
Packet Storm
Packet Storm
added 2015/10/12 12:0 a.m.78 views

Zhone Insecure Reference / Password Disclosure / Command Injection

Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected: Summary:...

7.7CVSS0.2AI score0.53364EPSS
Exploits6
Rows per page
Query Builder