EUVD-2006-0382

Malware in sbrugna...

PT-2025-29398 · D Link · Dir-818Lw

Name of the Vulnerable Software and Affected Versions: D-Link DIR-818LW versions up to 20191215 Description: A critical issue exists in D-Link DIR-818LW. The vulnerability is located within the System Time Page component. Manipulation of the NTP Server argument can lead to os command injection,...

CVE-2022-28573

D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the systemtimetimezone parameter...

CVE-2020-9020

Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...

CVE-2020-35262

Cross Site Scripting XSS vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter...

CVE-2025-22495

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note -...

Network Time Protocol Daemon (ntpd) readvar Variable Overflow RCE

The remote NTP server is affected by a buffer overflow condition due to improper bounds checking on the 'readvar' argument. An unauthenticated, remote attacker can exploit this, via a specially crafted request that uses an overly long argument, to execute arbitrary code with root privileges. C...