10 matches found
CVE-2025-65010
The WODESYS WD-R608U router, also known as WDR122B V2.0 and WDR28, is vulnerable to Broken Access Control in the initial configuration wizard.cgi endpoint. A malicious attacker can change the admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...
WODESYS WD-R608U Access Control Error Vulnerability
The WODESYS WD-R608U is a wireless router from China Xinyang WODESYS. An access control error vulnerability exists in the WODESYS WD-R608U that stems from improper initial configuration of the wizard.cgi endpoint access control, which could lead to a malicious attacker making unauthorized changes...
Debian DSA-2423-1 : movabletype-opensource - several vulnerabilities
Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has 'Create Entries' or 'Manage Blog' permissions may be able to read known files on the local file system. The file management system contains shell command injection...
Movable Type vulnerable to cross-site scripting
Overview: Movable Type contains a cross-site scripting vulnerability. mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version of each produ...
CVE-2009-2492
Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480...
CVE-2009-2492
CVE-2009-2492 describes a cross-site scripting (XSS) vulnerability in the Movable Type web application, specifically in the mt-wizard.cgi component. Affected software is Six Apart Movable Type prior to version 4.261. The vulnerability allows remote attackers to inject arbitrary web script or HTML...
CVE-2009-2481
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors...
CVE-2009-2480
CVE-2009-2480 is an XSS in Movable Type’s mt-wizard.cgi affecting versions 4.24 and 4.25 when global templates are not initialized. The vulnerability arises from unsanitized input in the set_static_uri_to parameter, enabling a remote attacker to inject arbitrary script or HTML. Nessus NASL notes ...
CVE-2009-2481
Summary: CVE-2009-2481 affects Movable Type prior to 4.261. When global templates are not initialized, mt-wizard.cgi allows remote bypass of access restrictions, enabling (1) sending email to arbitrary addresses and (2) obtaining sensitive information via unspecified vectors. Affected software: M...
Movable Type mt-wizard.cgi set_static_uri_to Parameter XSS
The version of Movable Type running on the remote host has a cross-site scripting vulnerability in 'mt-wizard.cgi'. Input to the 'set_static_uri_to' parameter is not sanitized. A remote attacker could exploit this by tricking a user into submitting a specially crafted POST request, which would...