TRENDnet TEW-657BRM vpn_drop Function OS Command Injection Vulnerability

The TRENDnet TEW-657BRM is a WiFi router from TRENDnet. An OS command injection vulnerability exists in the TRENDnet TEW-657BRM vpndrop function, which originates from a misuse of the vpndrop function parameter policyname in file /setup.cgi, and can be exploited by an attacker to cause OS command...

CVE-2026-5355

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpndrop of the file /setup.cgi. The manipulation of the argument policyname leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

EUVD-2026-18412

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpndrop of the file /setup.cgi. The manipulation of the argument policyname leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVE-2026-5354

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpnconnect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVE-2026-5354

Trendnet TEW-657BRM 1.00.1 is affected by CVE-2026-5354 due to a flaw in the vpn_connect function in /setup.cgi where manipulating the policy_name argument enables remote os command injection. Exploitation is possible without user interaction and remote access, with the exploit published and pote...

CVE-2026-5354 Trendnet TEW-657BRM setup.cgi vpn_connect os command injection

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpnconnect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVE-2025-34177

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVE-2025-34177

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVE-2025-34178

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVE-2025-34177

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVE-2025-34178

The CVE refers to pfSense CE with the Suricata package where the policy_name parameter is not sanitized of HTML-related strings before display, causing stored XSS. Connected sources specify this affects Netgate pfSense CE Suricata package (notably v7.0.8_2 in CVE-2025-34178 listings) and require ...

CVE-2025-34178 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataappparsers.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVE-2025-34177 Netgate pfSense CE Suricata package v7.0.8_2 Stored Cross-Site Scripting

In pfSense CE /suricata/suricataflowstream.php, the value of the policyname parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata...

CVE-2025-34177

PfSense CE with Suricata package is affected by a stored XSS in suricata_flow_stream.php: the policy_name parameter is not sanitized, allowing reflected HTML/JS content to persist when displayed. Exploitation requires authentication with at least WebCfg - Services: suricata package permissions. T...

PT-2025-36944

Name of the Vulnerable Software and Affected Versions: pfSense CE affected versions not specified Description: The policy name parameter in /suricata/suricata flow stream.php is not properly sanitized to remove HTML-related strings and characters before being displayed. This can lead to stored...

NETGEAR SRX5308 跨站脚本漏洞

The NETGEAR SRX5308 is a VPN firewall appliance from NETGEAR. The NETGEAR SRX5308 suffers from a cross-site scripting vulnerability that originates from an incorrect operation of the parameter IpsecIKEPolicy.IKEPolicyName. The vulnerability can be exploited by an attacker to obtain sensitive...

CVE-2021-24016

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...

CVE-2015-8630

The 1 kadm5createprincipal3 and 2 kadm5modifyprincipal functions in lib/kadm5/srv/svrprincipal.c in kadmind in MIT Kerberos 5 aka krb5 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash b...

Pivotal Software RabbitMQ management plugin cross-site scripting vulnerability

Pivotal Software RabbitMQ is a British company Pivotal Software's set of implementation of the Advanced Message Queuing Protocol AMQP open source messaging agent software. rabbitMQ management is one of the management plug-in . A cross-site scripting vulnerability exists in the Pivotal Software...

FreeBSD Security Advisory FreeBSD-SA-11:10.pam

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:10.pam Security Advisory The FreeBSD Project Topic: pamstart does not validate service names Category: contrib Module: pam Announced: 2011-12-23 Credits:...