354 matches found

Prion
added 2020/05/14 5:15 p.m. | 17 views

Buffer overflow

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

7.5 CVSS | 9.5 AI score | 0.02919 EPSS
Exploits 1 | References 1 | Affected Software 1

Zero Day Initiative
added 2020/04/08 12:0 a.m. | 17 views

Advantech WebAccess/NMS forcedScanDevice SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the forcedScanDevice.action endpoint. When...

7.5 CVSS | 2.3 AI score | 0.01263 EPSS
Exploits 0 | References 1

Prion
added 2019/06/11 9:29 p.m. | 12 views

Cross site request forgery (csrf)

HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mactable request...

10 CVSS | 9.5 AI score | 0.47901 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2018/10/29 12:29 p.m. | 4 views

CVE-2018-18731

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request,...

7.5 CVSS | 6.2 AI score | 0.01141 EPSS
Exploits 1 | References 1

OSV
added 2018/10/29 12:29 p.m. | 3 views

CVE-2018-18729

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post...

9.8 CVSS | 6.1 AI score | 0.01347 EPSS
Exploits 1 | References 1

Prion
added 2018/09/02 3:29 a.m. | 14 views

Command injection

An issue was discovered on Tenda AC9 V15.03.05.196318CN and AC10 V15.03.06.23CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection...

9 CVSS | 8.9 AI score | 0.0362 EPSS
Exploits 1 | References 1 | Affected Software 2

Prion
added 2018/04/24 6:29 a.m. | 18 views

Cross site scripting

app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...

4.3 CVSS | 6 AI score | 0.00844 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2018/04/24 6:29 a.m. | 27 views

CVE-2018-10329

app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...

6.1 CVSS | 6.1 AI score | 0.00844 EPSS
Exploits 0 | References 1

Cvelist
added 2018/04/24 6:0 a.m. | 24 views

CVE-2018-10329

app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...

6.1 AI score | 0.00844 EPSS
Exploits 0 | References 1

CVE
added 2018/04/24 6:0 a.m. | 52 views

CVE-2018-10329

The CVE-2018-10329 entry concerns phpIPAM 1.3.1, where the file app/tools/mac-lookup/index.php is vulnerable to a Reflected XSS via the mac parameter in /tools/mac-lookup/. The connected Red Hat, NVD, OSV, and CVE records corroborate this description. What is affected: the phpIPAM web application...

6.1 CVSS | 5.9 AI score | 0.00844 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2017/07/25 1:29 a.m. | 16 views

Design/Logic Flaw

snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FWAIC1620W1.1.0-1220120709r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter...

9 CVSS | 7.7 AI score | 0.16987 EPSS
Exploits 5 | References 6 | Affected Software 1

Cvelist
added 2014/07/28 3:0 p.m. | 28 views

CVE-2014-5109

SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...

8.3 AI score | 0.03406 EPSS
Exploits 1 | References 2

Positive Technologies
added 2014/07/28 12:0 a.m. | 5 views

PT-2014-6286 · Fonality · Trixbox

Name of the Vulnerable Software and Affected Versions: Fonality trixbox, affected versions not specified.
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the mac parameter in a Submit action within the maint/modules/endpointcfg/endpoi...

7.5 CVSS | 7.4 AI score | 0.03406 EPSS
Exploits 1 | References 4

Vulnrichment
added 1976/01/01 12:0 a.m. | 11 views

CVE-2024-35339

Tenda FH1206 V1.2.0.88155 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac...

8 AI score | 0.0184 EPSS
Exploits 1 | References 1