4 matches found
CVE-2019-14918
XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etcro/web/internet/dhcpcliinfo.asp...
Billion Smart Energy Router SG600R2 DHCP Lease Status Form Cross-Site Scripting Vulnerability
The Billion Smart Energy Router SG600R2 is a router device. A cross-site scripting vulnerability exists in the Billion Smart Energy Router SG600R2 DHCP lease status form, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...
CVE-2019-14918
XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etcro/web/internet/dhcpcliinfo.asp...
DEBIAN-CVE-2011-4868
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS DDNS and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via crafted packets...