354 matches found
Buffer overflow
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in the baremetal virtual router. If you insert an arbitrary shell command into the mac...
Advantech WebAccess/NMS forcedScanDevice SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the forcedScanDevice.action endpoint. When...
Cross site request forgery (csrf)
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mactable request...
CVE-2018-18731
An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request,...
CVE-2018-18729
An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post...
Command injection
An issue was discovered on Tenda AC9 V15.03.05.196318CN and AC10 V15.03.06.23CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection...
Cross site scripting
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...
CVE-2018-10329
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter...
CVE-2018-10329
The CVE-2018-10329 entry concerns phpIPAM 1.3.1, where the file app/tools/mac-lookup/index.php is vulnerable to a Reflected XSS via the mac parameter in /tools/mac-lookup/. The connected Red Hat, NVD, OSV, and CVE records corroborate this description. What is affected: the phpIPAM web application...
Design/Logic Flaw
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FWAIC1620W1.1.0-1220120709r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter...
CVE-2014-5109
SQL injection vulnerability in maint/modules/endpointcfg/endpointgeneric.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action...
PT-2014-6286 · Fonality · Trixbox
Name of the Vulnerable Software and Affected Versions: Fonality trixbox (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the mac parameter in a Submit action within the maint/modules/endpointcfg/endpoi...
CVE-2024-35339
Tenda FH1206 V1.2.0.88155 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac...