Lucene search
+L

3481 matches found

NVD
NVD
added 2026/02/20 8:25 p.m.10 views

CVE-2026-2854

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS0.00642EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/20 7:2 p.m.4 views

CVE-2026-2854

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS6.2AI score0.00642EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 7:2 p.m.4 views

CVE-2026-2854 D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS8.8AI score0.00642EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/20 7:2 p.m.37 views

CVE-2026-2854 D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS0.00642EPSS
Exploits1References5
CVE
CVE
added 2026/02/20 7:2 p.m.25 views

CVE-2026-2854

DVE-2026-2854 affects D-Link DWR-M960 firmware 1.01.07. The flaw is in the NTP Configuration Endpoint, specifically the sub_4611CC function in /boafrm/formNtp, where manipulating the submit-url argument can trigger a stack-based buffer overflow. Remote exploitation is possible, with exploit resea...

9CVSS8.7AI score0.00642EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/02/20 5:17 a.m.22 views

CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

8.8CVSS0.17394EPSS
Exploits1References4
OSV
OSV
added 2026/02/20 5:17 a.m.7 views

CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

8.8CVSS5.6AI score0.17394EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/20 5:2 a.m.5 views

CVE-2026-2823 Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

6.5CVSS5.4AI score0.17394EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/20 5:2 a.m.32 views

CVE-2026-2823 Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

6.5CVSS0.17394EPSS
Exploits1References4
CVE
CVE
added 2026/02/20 5:2 a.m.24 views

CVE-2026-2823

CVE-2026-2823 affects Comfast CF-E7 with firmware 2.6.0.9. The vulnerability lies in the webmgmt component, specifically the function sub_41ACCC in /cgi-bin/mbox-config?method=SET&section=ntp_timezone, where manipulating the timestr argument results in a remote command-injection. The vulnerabilit...

8.8CVSS6.4AI score0.17394EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.19 views

PT-2026-20999

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub 41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible...

6.5CVSS5.4AI score0.17394EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.10 views

PT-2026-21288

A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub 4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...

9CVSS6.2AI score0.00642EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

D-Link DWR-M960 安全漏洞

The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from a malfunction in the sub4611CC function within the NTP Configuration Endpoint component, which involves incorrect handling of the...

9CVSS7.5AI score0.00642EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/19 12:2 p.m.31 views

CVE-2019-25412 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via NTP_SERVER_LIST

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...

6.1CVSS0.0033EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/19 12:2 p.m.5 views

CVE-2019-25412

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...

6.1CVSS5.6AI score0.0033EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 12:2 p.m.5 views

CVE-2019-25412 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via NTP_SERVER_LIST

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...

6.1CVSS5.6AI score0.0033EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

Comodo Dome Firewall 跨站脚本漏洞

Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the NTPSERVERLIST parameter input in the...

6.1CVSS5.6AI score0.0033EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/17 7:28 a.m.13 views

CVE-2026-2537

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely...

7.2CVSS5.5AI score0.2447EPSS
Exploits1References1
OSV
OSV
added 2026/02/16 6:19 p.m.5 views

CVE-2019-25382

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...

5.1CVSS5.9AI score0.00254EPSS
Exploits1References3
NVD
NVD
added 2026/02/16 6:19 p.m.10 views

CVE-2019-25382

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...

6.1CVSS0.00254EPSS
Exploits1References3
Rows per page
Query Builder