25 matches found
EUVD-2019-9213
Malware in sbrugna...
EUVD-2021-21476
Malware in sbrugna...
EUVD-2019-18509
Malware in sbrugna...
EUVD-2022-46618
Malicious code in bioql PyPI...
CVE-2021-34829
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAPAUTH HTTP header. The issue resul...
CVE-2019-19598
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAPAUTH header timestamp value. In HTTP requests, part of the HNAPAUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to...
CVE-2019-19597
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAPAUTH HTTP header...
CVE-2022-43622
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...
Stack overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...
CVE-2022-43622
CVE-2022-43622 affects D-Link DIR-1935 devices (version 1.03). The flaw is in handling of the Login requests to the web management portal: during parsing of the HNAP_AUTH header, the length of user-supplied data is not properly validated before copying into a fixed-size stack buffer, enabling a s...
CVE-2022-43622
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...
D-Link DIR-1935 HNAP_AUTH Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAPAUTH HTTP header. The issue resul...
CVE-2021-34829
CVE-2021-34829 affects D-Link DAP-1330 routers (1.13B01 BETA). A flaw in handling the HNAP_AUTH header allows a network-adjacent attacker to overflow a fixed-length buffer, enabling remote code execution in the device context. The root cause is insufficient validation of the length of user-suppli...
(0Day) D-Link DAP-1330 lighttpd http_parse_request Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAPAUTH HTTP header. The issue results from the...
CVE-2019-19598
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAPAUTH header timestamp value. In HTTP requests, part of the HNAPAUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to...
CVE-2019-19597
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAPAUTH HTTP header...
Design/Logic Flaw
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAPAUTH header timestamp value. In HTTP requests, part of the HNAPAUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to...
Remote code execution
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAPAUTH HTTP header...
CVE-2019-19597
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAPAUTH HTTP header...