3481 matches found
CVE-2026-2854
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...
CVE-2026-2854
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...
CVE-2026-2854 D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...
CVE-2026-2854 D-Link DWR-M960 NTP Configuration Endpoint formNtp sub_4611CC stack-based overflow
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...
CVE-2026-2854
DVE-2026-2854 affects D-Link DWR-M960 firmware 1.01.07. The flaw is in the NTP Configuration Endpoint, specifically the sub_4611CC function in /boafrm/formNtp, where manipulating the submit-url argument can trigger a stack-based buffer overflow. Remote exploitation is possible, with exploit resea...
CVE-2026-2823
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...
CVE-2026-2823
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...
CVE-2026-2823 Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...
CVE-2026-2823 Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...
CVE-2026-2823
CVE-2026-2823 affects Comfast CF-E7 with firmware 2.6.0.9. The vulnerability lies in the webmgmt component, specifically the function sub_41ACCC in /cgi-bin/mbox-config?method=SET§ion=ntp_timezone, where manipulating the timestr argument results in a remote command-injection. The vulnerabilit...
PT-2026-20999
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub 41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntp timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible...
PT-2026-21288
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub 4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The...
D-Link DWR-M960 安全漏洞
The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from a malfunction in the sub4611CC function within the NTP Configuration Endpoint component, which involves incorrect handling of the...
CVE-2019-25412 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via NTP_SERVER_LIST
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...
CVE-2019-25412
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...
CVE-2019-25412 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via NTP_SERVER_LIST
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTPSERVERLIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the...
Comodo Dome Firewall 跨站脚本漏洞
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the NTPSERVERLIST parameter input in the...
CVE-2026-2537
A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely...
CVE-2019-25382
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...
CVE-2019-25382
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTPSERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the...