21 matches found
MAL-2022-7091 Malicious code in webcm-dev (npm)
Source: ghsa-malware 955551845e6b60e5f365bfcce33f45968362811ecfea804b34c2e2ecefcb651f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in webcm-dev (npm)
Source: ghsa-malware 955551845e6b60e5f365bfcce33f45968362811ecfea804b34c2e2ecefcb651f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-35725
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-35719
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
Cross site scripting
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by t...
Cross site scripting
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
CVE-2020-35726
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by t...
CVE-2020-35725
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-35725
Affected software: Quest Policy Authority 8.1.2.200. Issue: Reflected XSS enabling remote attackers to inject arbitrary script via a crafted link to /WebCM/index.jsp using the msg parameter. Root cause: user-supplied msg value reflected in the page, enabling code execution in the browser. Impact:...
CVE-2020-35719
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...
PT-2021-11838 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/Applications/Reports/index.jsp" file via the by parameter. This...
PT-2021-11837 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/index.jsp" file using the msg parameter. This affects products that...
VulnCheck KEV: CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
D-link DSL-2640T Cross-Site Scripting Vulnerability
The D-link DSL-2640T is a wireless router from AUO D-Link. A cross-site scripting vulnerability exists in the cgi-bin/webcm page in the D-link DSL-2640T. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'var:RelaodHref' or 'var:conid' parameter...
CVE-2018-18636
The CVE-2018-18636 entry concerns the D-Link DSL-2640T router. A cross-site scripting (XSS) vulnerability exists in the cgi-bin/webcm page reachable on the device, exploitable via the var:RelaodHref or var:conid parameters. Affected product: D-Link DSL-2640T routers (CGI web management interface)...
Design/Logic Flaw
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
PT-2015-4366 · Avm · Avm Fritz!Box
Name of the Vulnerable Software and Affected Versions: AVM Fritz!Box affected versions not specified Description: The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters in the var:lang parameter to the "cgi-bin/webcm" API endpoint...
FritzBox /webcm Command Execution Vulnerability
No description provided by source...
Netgear DG632 Router Authentication Bypass Vulnerability
Product Name: Netgear DG632 Router Vendor: http://www.netgear.com Date: 15 June, 2009 Author: [email protected] [email protected] Original URL: http://www.tomneaves.co.uk/NetgearDG632AuthenticationBypass.txt Discovered: 18 November, 2006 Disclosed: 15 June, 2009 I. DESCRIPTION The Netgear DG6...