T&D Corporation Security Vulnerabilities

CVE-2024-35843 iommu/vt-d: Use device rbtree in iopf reporting path

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot(). This function searches the list of all PCI devices until the...

CVE-2020-1755

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address...

CVE-2020-14320

In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS...

d-hearing.com Cross Site Scripting vulnerability OBB-3905139

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ZTE Cable Modem Web Shell

ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified...

CVE-2020-1756

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin...

d-o-o.de Cross Site Scripting vulnerability OBB-3895706

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2020-1754

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own...

CVE-2024-3273

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the...

CVE-2024-26615 net/smc: fix illegal rmb_desc access in SMC-D connection dump

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d -H...

CVE-2021-47035 iommu/vt-d: Remove WO permissions on second-level paging entries

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is not supported as...

CVE-2024-4965 D-Link DAR-7000-40 resmanage.php os command injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated.....

WAVLINK WN530HG4 - Improper Access Control

Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized...

Exploit for Out-of-bounds Write in Kingsoft Internet Security 9 Plus

CVE-2022-25949 A years-old exploit of a local EoP...

CVE-2020-14321

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that...

CVE-2020-14322

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of...

GLSA-201909-08 : D-Bus: Authentication bypass

The remote host is affected by the vulnerability described in GLSA-201909-08 (D-Bus: Authentication bypass) It was discovered that a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated...

CVE-2024-33454

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack...

CVE-2023-26987

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST...

CVE-2024-3274

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The...

CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2023-5150

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch...

CVE-2023-5152

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The...

CVE-2023-5148

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The...

CVE-2023-5144

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /sysmanage/updateos.php. The manipulation of the argument file_upload leads to unrestricted upload. It is...

SolarView Compact 6.00 - Local File Inclusion

SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive...

glpi -- stored XSS

MITRE Corporation reports: inc/user.class.php in GLPI before 9.4.3 allows XSS via a user...

D-Link Multiple DAP Devices XSS Vulnerability (Apr 2024)

Multiple D-Link DAP devices are prone to a cross-site scripting (XSS)...

CVE-2024-26891 iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to the device by flapping device's link through...

CVE-2024-5294 D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability

D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability.....

CVE-2024-5292 D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on...

CVE-2023-5146

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload.....

CVE-2024-5291 D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The...

CVE-2022-40208

In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz...

CVE-2024-5294

D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability.....

CVE-2021-4336

A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to...

CVE-2021-36397

In Moodle, insufficient capability checks meant message deletions were not limited to the current...

CVE-2021-36396

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF...

CVE-2021-36394

In Moodle, a remote code execution risk was identified in the Shibboleth authentication...

CVE-2022-40313

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to...

CVE-2020-1691

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site...

Wavlink WN-533A8 - Cross-Site Scripting

Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page...

CVE-2021-36401

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS...

CVE-2021-36403

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing...

CVE-2021-36392

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled...

CVE-2022-37059

Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login...

CVE-2024-5293

D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The...

CVE-2024-5291

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The...

CVE-2024-5292

D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on...

glpi -- SQL injection for all usages of "Clone" feature

MITRE Corporation reports: In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in...