21 matches found
EUVD-2015-5936
Malware in sbrugna...
EUVD-2015-5934
Malware in sbrugna...
EUVD-2015-5935
Malware in sbrugna...
EUVD-2025-26602
Malicious code in bioql PyPI...
CVE-2025-56498
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...
CVE-2025-56498
The CVE-2025-56498 entry concerns the PLDT WiFi Router Prolink PGN6401V (Firmware 8.1.2) web management interface. The vulnerability resides in the ping6.asp page, where the pingAddr parameter is sent to /boaform/formPing6 without proper sanitization, enabling an authenticated attacker to inject ...
CVE-2025-56498
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit...
ProLink PRS1841 PLDT Home fiber - Default Password
Exploit Title: Router backdoor - ProLink PRS1841 PLDT Home fiber Date: 12/8/2022 Exploit Author: Lawrence Amer @zux0x3a Vendor Homepage: https://prolink2u.com/product/prs1841/ Firmware : PRS1841 U V2 research:...
CVE-2015-5993
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service device outage via a long ipaddr parameter...
CVE-2015-5992
Cross-site scripting XSS vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...
CVE-2015-5991
Cross-site request forgery CSRF vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perfo...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perfo...
Cross site scripting
Cross-site scripting XSS vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...
Buffer overflow
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service device outage via a long ipaddr parameter...
CVE-2015-5992
Cross-site scripting XSS vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...
CVE-2015-5991
The CVE-2015-5991 CSRF vulnerability affects PLDT SpeedSurf 504AN (firmware GAN9.8U26-4-TX-R6B018-PH.EN) and Kasda KW58293 devices, via the form2WlanSetup.cgi page. The underlying issue is improper/authentication bypass for administrative actions, enabling a remote attacker to hijack an administr...
CVE-2015-5992
The CVE-2015-5992 entry concerns Cross-Site Scripting (XSS) in the form2WlanSetup.cgi page of PLDT SpeedSurf 504AN (firmware GAN9.8U26-4-TX-R6B018-PH.EN) and Kasda KW58293 devices. The vulnerability arises from insufficient filtering of the ssid parameter, enabling a remote attacker to inject arb...
CVE-2015-5991
Cross-site request forgery CSRF vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perfo...
CVE-2015-5993
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service device outage via a long ipaddr parameter...
CVE-2015-5993
The CVE-2015-5993 entry refers to a buffer overflow in the form2ping.cgi page of PLDT SpeedSurf 504AN devices (firmware GAN9.8U26-4-TX-R6B018-PH.EN) and Kasda KW58293 devices. A crafted, long ipaddr parameter can be sent via a POST request to trigger a denial of service (device outage). The conne...