CVE-2024-10498

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in...

gotortc vulnerable to Cross-Site Request Forgery

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...

Design/Logic Flaw

An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...

Command injection

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

CVE-2021-3707

CVE-2021-3707 (and CVE-2021-3708) affects D-Link DSL-2750U routers with firmware vME1.16 or earlier. The issues allow an unauthenticated attacker on the local network to perform dangerous actions: CVE-2021-3707 enables unauthorized configuration modification, while CVE-2021-3708 enables OS comman...

D-Link DSL-2750U安全漏洞

The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router.An unauthorized configuration modification vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could use this vulnerability to modify the configuration without authorization...

CVE-2020-1630

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines RE, Virtual Chassis VC or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...

Privilege escalation

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines RE, Virtual Chassis VC or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...

Multiple Vulnerabilities in Cisco Wireless LAN Controllers (cisco-sa-20090727-wlc)

The remote Cisco Wireless LAN Controller WLC is affected by one or more of the following vulnerabilities: - Malformed HTTP or HTTPS authentication response Denial of Service CVE-2009-1164 - SSH connections Denial of Service CVE-2009-1165 - Crafted HTTP or HTTPS request Denial of Service...

CVE-2002-1553

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist...