Lucene search

1453 matches found

OSV
added 2024/10/06 3:15 p.m., 3 views

CVE-2024-9555

A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasyWizard of the file /goform/formSetEasyWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely...

8.8 CVSS, 7.6 AI score
Exploits 0, References 5

OSV
added 2024/10/06 4:15 a.m., 2 views

CVE-2024-9549

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formEasySetupWizard/formEasySetupWizard2 of the file /goform/formEasySetupWizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated...

8.8 CVSS, 7.7 AI score, 0.01463 EPSS
Exploits 1, References 5

CNNVD
added 2024/10/06 12:00 a.m., 4 views

D-Link DIR-605L security vulnerability

The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability, which originates from the curTime parameter of the formEasySetupWizard/formEasySetupWizard2 function in the /goform/formEasySetupWizard page that fails to correctly valida...

9 CVSS, 8 AI score, 0.01463 EPSS
Exploits 1, References 6

Positive Technologies
added 2024/10/06 12:00 a.m., 5 views

PT-2024-7098 · D Link · Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: A critical issue has been found in the function formWlanSetup Wizard of the file /goform/formWlanSetup Wizard. The manipulation of the argument webpage leads to buffer overflow. This issue...

9 CVSS, 9.1 AI score, 0.01374 EPSS
Exploits 1, References 12

CNNVD
added 2024/10/06 12:00 a.m., 3 views

D-Link DIR-605L security vulnerability

The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability, which originates from the curTime parameter of the formSetWizard1/formSetWizard2 function failing to properly validate the length of the input data, which can be exploited...

9 CVSS, 8.1 AI score, 0.01337 EPSS
Exploits 1, References 6

OSSF Malicious Packages
added 2024/09/26 4:25 p.m., 5 views

Malicious code in csm-installation-wizard (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b5bdad9e0b6a88bc81e8ae16cc200d4c4ac3e021b0583309fbc4338574fc64b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits 0, References 1

Positive Technologies
added 2024/09/26 12:00 a.m., 5 views

PT-2024-7237 · D Link · D-Link Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: A critical vulnerability was found in the D-Link DIR-605L router, affecting the formSetWizard1 and formSetWizard2 functions. The manipulation of the curTime argument leads to a buffer overflow...

9 CVSS, 9 AI score, 0.01337 EPSS
Exploits 1, References 13

VulnCheck KEV
added 2024/09/19 12:00 a.m., 6 views

VulnCheck KEV: CVE-2009-1872

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/logintowizard.cfm,...

4.3 CVSS, 5.8 AI score, 0.1614 EPSS
Exploits 2, References 1

OSSF Malicious Packages
added 2024/09/09 9:53 a.m., 4 views

Malicious code in request-wizard (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff748393cb55e78c43fea879bbd55034152148246aa8d45359cfa8517845e17c Importing the module starts an Infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-09-hyperreq...

7 AI score
Exploits 0, References 1

OSV
added 2024/09/09 9:53 a.m., 11 views

MAL-2025-3464 Malicious code in request-wizard (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff748393cb55e78c43fea879bbd55034152148246aa8d45359cfa8517845e17c Importing the module starts an Infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-09-hyperreq...

6.9 AI score
Exploits 0, References 1

Citrix
added 2024/08/31 12:00 a.m., 14 views

PVS Configuration Wizard fails when connecting to the database

The customer has PVS servers running in Azure. In the PVS Configuration Wizard, in the "Database Server" dialogue, specifying Authentication "Active Directory Password" and proceeding to specify a domain username and password results in an error...

7.3 AI score
Exploits 0

OSV
added 2024/08/20 2:15 a.m., 5 views

CVE-2024-5939

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to read the...

5.3 CVSS, 5.8 AI score, 0.00481 EPSS
Exploits 0, References 3

CNNVD
added 2024/08/20 12:00 a.m., 3 views

WordPress plugin GiveWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

5.3 CVSS, 6.5 AI score, 0.00481 EPSS
Exploits 0, References 4

Positive Technologies
added 2024/08/19 12:00 a.m., 5 views

PT-2024-37254 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions up to, and including, 3.13.0 Description: The issue is related to unauthorized access of data due to a missing capability check on the setup wizard function. This allows unauthenticat...

5.3 CVSS, 6.8 AI score, 0.00481 EPSS
Exploits 0, References 11

Positive Technologies
added 2024/08/15 12:00 a.m., 6 views

PT-2024-26149 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A logic error in the code of shouldRestrictOverlayActivities in UsbProfileGroupSettingsManager.java could lead to a possible escape from SUW, resulting in local escalation of privilege with...

7.8 CVSS, 7 AI score, 0.00189 EPSS
Exploits 0, References 5

Citrix
added 2024/08/15 12:00 a.m., 7 views

CVAD wizard fails with device name # is invalid when PVS-Accelerator is enabled

We are using XenServer 8.0 and PVS Accelerator the CVAD wizard will fail to create new devices. When an AOT trace is captured and analyzed you will see the following errors in the logs: PVSDllHypervisorPlatformsAO,,0,,5,Information,"XenAPI failure, error description:...

7 AI score
Exploits 0

BDU FSTEC
added 2024/08/07 12:00 a.m., 5 views

Vulnerability in the setWizardCfg function of the /cgi-bin/cstecgi.cgi file in the TOTOLINK N350RT router's software, allowing an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the setWizardCfg function of the /cgi-bin/cstecgi.cgi file in the TOTOLINK N350RT router firmware is caused by data being written outside the bounds of a memory buffer when processing the ssid parameter. Exploiting this vulnerability allows an attacker ...

9 CVSS, 7.9 AI score, 0.01349 EPSS
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2024/07/30 12:00 a.m., 5 views

PT-2024-38173 · Totolink · Totolink A7000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6268 B20220504 Description: A critical issue was found in the setWizardCfg function of the /cgi-bin/cstecgi.cgi file. The manipulation of the ssid argument leads to buffer overflow. It is possible to launch the...

9 CVSS, 8.8 AI score, 0.0109 EPSS
Exploits 1, References 7

OSV
added 2024/07/28 10:15 a.m., 3 views

CVE-2024-7154

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack...

7.5 CVSS, 4.8 AI score, 0.00431 EPSS
Exploits 1, References 4

CNNVD
added 2024/07/28 12:00 a.m., 3 views

TOTOLINK A3700R access control error vulnerability

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R suffers from an Access Control Error vulnerability that originates from the /wizard.html function of the Password Reset Handler component containing an improper access control issue. An attacker...

7.5 CVSS, 6.7 AI score, 0.00431 EPSS
Exploits 1, References 5