Max CVSS 10.0 | Min CVSS 3.5 | Total Count 332
ID | CVSS | Summary | Last (major) update | Published
CVE-2018-6936 3.5
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
21-02-2018 - 17:29 21-02-2018 - 17:29
CVE-2017-12718 6.8
A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffe
15-02-2018 - 05:29 15-02-2018 - 05:29
CVE-2018-0101 10.0
A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vuln
29-01-2018 - 15:29 29-01-2018 - 15:29
CVE-2018-5720 6.8
An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that mod
29-01-2018 - 00:29 29-01-2018 - 00:29
CVE-2018-5997 10.0
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code ex
25-01-2018 - 12:29 25-01-2018 - 12:29
CVE-2018-6190 3.5
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
24-01-2018 - 16:29 24-01-2018 - 16:29
CVE-2018-5319 5.0
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request.
24-01-2018 - 10:29 24-01-2018 - 10:29
CVE-2017-2741 10.0
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
23-01-2018 - 11:29 23-01-2018 - 11:29
CVE-2018-6000 10.0
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and lau
22-01-2018 - 15:29 22-01-2018 - 15:29
CVE-2018-5999 10.0
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
22-01-2018 - 15:29 22-01-2018 - 15:29
CVE-2018-5726 5.0
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.
16-01-2018 - 17:29 16-01-2018 - 17:29
CVE-2018-5725 5.0
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.
16-01-2018 - 17:29 16-01-2018 - 17:29
CVE-2018-5724 10.0
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
16-01-2018 - 17:29 16-01-2018 - 17:29
CVE-2018-5723 10.0
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
16-01-2018 - 17:29 16-01-2018 - 17:29
CVE-2017-16887 5.0
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.
12-01-2018 - 12:29 12-01-2018 - 12:29
CVE-2017-16886 6.8
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the
12-01-2018 - 12:29 12-01-2018 - 12:29
CVE-2017-16885 5.0
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The
12-01-2018 - 12:29 12-01-2018 - 12:29
CVE-2018-5347 10.0
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
11-01-2018 - 20:29 11-01-2018 - 20:29
CVE-2017-17867 9.0
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB s
04-01-2018 - 14:29 04-01-2018 - 14:29
CVE-2017-17411 10.0
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0 WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issu
21-12-2017 - 09:29 21-12-2017 - 09:29
CVE-2017-17739 7.5
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
18-12-2017 - 01:29 18-12-2017 - 01:29
CVE-2017-17738 6.4
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
18-12-2017 - 01:29 18-12-2017 - 01:29
CVE-2017-17737 4.3
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.
18-12-2017 - 01:29 18-12-2017 - 01:29
CVE-2017-17538 7.8
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
13-12-2017 - 04:29 13-12-2017 - 04:29
CVE-2017-15944 7.5
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
11-12-2017 - 12:29 11-12-2017 - 12:29
CVE-2017-16953 5.0
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
01-12-2017 - 12:29 01-12-2017 - 12:29
CVE-2017-16902 7.8
On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
20-11-2017 - 13:29 20-11-2017 - 13:29
CVE-2017-16843 3.5
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
16-11-2017 - 16:29 16-11-2017 - 16:29
CVE-2017-16249 7.8
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print
09-11-2017 - 21:29 09-11-2017 - 21:29
CVE-2017-13772 9.0
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6C
23-10-2017 - 14:29 23-10-2017 - 14:29
CVE-2017-15291 4.3
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.
20-10-2017 - 13:29 20-10-2017 - 13:29
CVE-2014-9118 9.0
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
17-10-2017 - 12:29 17-10-2017 - 12:29
CVE-2014-8357 4.0
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backup
17-10-2017 - 12:29 17-10-2017 - 12:29
CVE-2017-15287 4.3
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
12-10-2017 - 11:29 12-10-2017 - 11:29
CVE-2015-4685 4.4
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4684 5.5
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4683 7.5
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4682 4.0
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2015-4681 7.2
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
19-09-2017 - 15:29 19-09-2017 - 15:29
CVE-2017-6315 10.0
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
19-09-2017 - 13:29 19-09-2017 - 13:29
CVE-2017-14244 10.0
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi a
17-09-2017 - 15:29 17-09-2017 - 15:29
CVE-2017-14243 10.0
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload
17-09-2017 - 15:29 17-09-2017 - 15:29
CVE-2017-3133 4.3
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
11-09-2017 - 22:29 11-09-2017 - 22:29
CVE-2017-3132 4.3
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken.
11-09-2017 - 22:29 11-09-2017 - 22:29
CVE-2017-3131 3.5
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
11-09-2017 - 22:29 11-09-2017 - 22:29
CVE-2017-14219 4.3
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The at
07-09-2017 - 18:29 07-09-2017 - 18:29
CVE-2017-14147 7.5
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute
07-09-2017 - 10:29 07-09-2017 - 10:29
CVE-2017-13713 6.5
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
07-09-2017 - 09:29 07-09-2017 - 09:29
CVE-2015-7259 9.0
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and pass
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2015-7258 9.0
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2015-7257 8.5
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from
24-08-2017 - 16:29 24-08-2017 - 16:29
CVE-2017-12786 10.0
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug wh
22-08-2017 - 13:29 22-08-2017 - 13:29
CVE-2017-12785 10.0
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role)
22-08-2017 - 13:29 22-08-2017 - 13:29
CVE-2015-2857 7.5
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
22-08-2017 - 11:29 22-08-2017 - 11:29
CVE-2017-12784 5.0
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12943 5.0
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
18-08-2017 - 11:29 18-08-2017 - 11:29
CVE-2017-11155 5.0
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-11154 6.5
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-11153 7.5
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-11152 5.0
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-11151 7.5
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-11320 4.3
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
03-08-2017 - 04:29 03-08-2017 - 04:29
CVE-2017-11494 7.5
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
02-08-2017 - 10:29 02-08-2017 - 10:29
CVE-2016-10401 9.0
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
25-07-2017 - 14:29 25-07-2017 - 14:29
CVE-2015-2280 9.0
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
24-07-2017 - 21:29 24-07-2017 - 21:29
CVE-2015-2279 10.0
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, w
24-07-2017 - 21:29 24-07-2017 - 21:29
CVE-2017-6320 9.0
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell
18-07-2017 - 10:29 18-07-2017 - 10:29
CVE-2017-6736 9.0
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on
17-07-2017 - 17:29 17-07-2017 - 17:29
CVE-2017-9675 7.8
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
15-06-2017 - 15:29 15-06-2017 - 15:29
CVE-2014-8687 10.0
Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
08-06-2017 - 12:29 08-06-2017 - 12:29
CVE-2017-9100 8.3
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
21-05-2017 - 00:29 21-05-2017 - 00:29
CVE-2017-5174 7.5
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access contr
18-05-2017 - 23:29 18-05-2017 - 23:29
CVE-2017-5173 10.0
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are
18-05-2017 - 23:29 18-05-2017 - 23:29
CVE-2017-6622 10.0
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security
18-05-2017 - 15:29 18-05-2017 - 15:29
CVE-2017-7240 5.0
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to explo
05-05-2017 - 21:29 24-03-2017 - 11:59
CVE-2015-7247 7.8
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain se
28-04-2017 - 14:49 24-04-2017 - 14:59
CVE-2015-7246 10.0
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
28-04-2017 - 14:33 24-04-2017 - 14:59
CVE-2015-7245 5.0
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
28-04-2017 - 13:47 24-04-2017 - 14:59
CVE-2015-8256 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
24-04-2017 - 20:40 17-04-2017 - 12:59
CVE-2017-7462 7.5
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
18-04-2017 - 11:59 11-04-2017 - 11:59
CVE-2017-7461 6.8
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML
18-04-2017 - 11:56 11-04-2017 - 11:59
CVE-2017-6206 5.0
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vecto
17-04-2017 - 21:59 23-02-2017 - 01:59
CVE-2017-7588 10.0
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC
17-04-2017 - 11:44 12-04-2017 - 06:59
CVE-2017-7185 5.0
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash
14-04-2017 - 21:07 10-04-2017 - 11:59
CVE-2015-8258 7.8
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
13-04-2017 - 15:57 09-04-2017 - 23:59
CVE-2015-8255 6.8
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
13-04-2017 - 14:59 09-04-2017 - 23:59
CVE-2017-6019 7.8
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
13-04-2017 - 12:13 07-04-2017 - 18:59
CVE-2017-0561 10.0
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the
12-04-2017 - 16:43 07-04-2017 - 18:59
CVE-2017-6884 9.0
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors t
12-04-2017 - 14:29 06-04-2017 - 13:59
CVE-2017-7398 6.8
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by chang
11-04-2017 - 11:04 04-04-2017 - 10:59
CVE-2014-1677 5.0
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
11-04-2017 - 09:36 03-04-2017 - 11:59
CVE-2017-0569 7.6
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privilege
10-04-2017 - 21:59 07-04-2017 - 18:59
CVE-2017-5671 7.2
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak
10-04-2017 - 14:33 29-03-2017 - 10:59
CVE-2017-3881 10.0
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privi
06-04-2017 - 21:59 17-03-2017 - 18:59
CVE-2017-6549 9.3
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N
05-04-2017 - 21:59 09-03-2017 - 04:59
CVE-2017-6548 10.0
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, an
05-04-2017 - 21:59 09-03-2017 - 04:59
CVE-2017-6547 4.3
Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-A
05-04-2017 - 21:59 09-03-2017 - 04:59
CVE-2017-6366 6.8
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dn
29-03-2017 - 10:03 15-03-2017 - 10:59
CVE-2014-7279 10.0
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
28-03-2017 - 09:46 23-03-2017 - 13:59
CVE-2017-5227 5.0
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
27-03-2017 - 21:59 23-03-2017 - 12:59
CVE-2017-6896 6.5
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.
24-03-2017 - 21:59 14-03-2017 - 16:59
CVE-2017-6443 4.3
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
16-03-2017 - 14:17 15-03-2017 - 11:59
CVE-2017-6552 7.8
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, result
14-03-2017 - 21:59 09-03-2017 - 04:59
CVE-2017-6444 7.8
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After th
14-03-2017 - 15:00 12-03-2017 - 00:59
CVE-2017-6351 9.3
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device wi
13-03-2017 - 11:00 05-03-2017 - 21:59
CVE-2016-6255 5.0
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
08-03-2017 - 12:30 07-03-2017 - 11:59
CVE-2017-6411 6.8
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
07-03-2017 - 21:59 06-03-2017 - 01:59
CVE-2017-6334 9.0
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-20
07-03-2017 - 20:33 05-03-2017 - 21:59
CVE-2017-6077 10.0
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
01-03-2017 - 21:59 22-02-2017 - 18:59
CVE-2017-3807 8.0
A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insuf
28-02-2017 - 21:59 09-02-2017 - 12:59
CVE-2016-9244 5.0
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL
28-02-2017 - 21:59 09-02-2017 - 10:59
CVE-2016-10174 10.0
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
24-02-2017 - 07:47 29-01-2017 - 23:59
CVE-2014-2045 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in
26-01-2017 - 14:32 20-01-2017 - 10:59
CVE-2017-5521 4.3
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. Th
23-01-2017 - 14:14 17-01-2017 - 04:59
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2016-1287 10.0
Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on AS
06-01-2017 - 11:15 11-02-2016 - 13:59
CVE-2013-5528 4.0
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug I
04-01-2017 - 09:52 10-10-2013 - 23:54
CVE-2014-6278 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force
02-01-2017 - 21:59 30-09-2014 - 06:55
CVE-2015-2051 10.0
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
30-12-2016 - 21:59 23-02-2015 - 12:59
CVE-2015-1389 4.3
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
30-12-2016 - 21:59 28-05-2015 - 10:59
CVE-2013-6343 10.0
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
30-12-2016 - 21:59 22-01-2014 - 00:22
CVE-2014-2962 7.8
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
23-12-2016 - 21:59 19-06-2014 - 06:50
CVE-2015-5374 7.8
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet mod
07-12-2016 - 22:10 18-07-2015 - 06:59
CVE-2015-3036 10.0
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a lo
07-12-2016 - 22:08 20-05-2015 - 21:59
CVE-2015-6018 10.0
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
07-12-2016 - 13:17 31-12-2015 - 00:59
CVE-2015-5999 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password
07-12-2016 - 13:17 18-11-2015 - 11:59
CVE-2016-1525 7.8
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
05-12-2016 - 22:07 12-02-2016 - 21:59
CVE-2016-1524 8.3
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP fi
05-12-2016 - 22:07 12-02-2016 - 21:59
CVE-2016-0862 4.0
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
05-12-2016 - 22:05 05-02-2016 - 06:59
CVE-2016-0861 9.0
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
05-12-2016 - 22:05 05-02-2016 - 06:59
CVE-2015-2805 6.8
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01,
02-12-2016 - 22:06 16-06-2015 - 12:59
CVE-2015-2797 10.0
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect
02-12-2016 - 22:06 19-06-2015 - 10:59
CVE-2015-2055 7.8
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.
29-11-2016 - 22:00 23-02-2015 - 12:59
CVE-2016-6367 6.8
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
28-11-2016 - 15:31 18-08-2016 - 14:59
CVE-2016-5680 9.0
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5679 9.0
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5678 10.0
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5677 5.0
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information v
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5676 5.0
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5675 10.0
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the N
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5674 10.0
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2015-8703 4.0
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a dif
28-11-2016 - 14:48 30-12-2015 - 00:59
CVE-2015-7252 4.3
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7251 10.0
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7250 7.8
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7249 6.8
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc a
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2015-7248 5.0
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
28-11-2016 - 14:42 30-12-2015 - 00:59
CVE-2013-3623 10.0
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execu
28-11-2016 - 14:09 10-12-2013 - 11:11
CVE-2013-7043 8.3
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via
01-11-2016 - 14:22 10-12-2013 - 14:55
CVE-2013-7030 5.0
** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential f
01-11-2016 - 14:06 12-12-2013 - 12:55
CVE-2013-6976 6.8
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters,
15-09-2016 - 15:23 19-12-2013 - 17:55
CVE-2013-7136 9.3
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
09-09-2016 - 10:35 19-12-2013 - 17:55
CVE-2012-4891 4.3
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this
06-09-2016 - 09:05 10-09-2012 - 18:55
CVE-2016-5639 5.0
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
15-08-2016 - 11:48 02-08-2016 - 21:59
CVE-2016-3962 7.5
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with
08-07-2016 - 09:26 03-07-2016 - 10:59
CVE-2016-3989 8.5
The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows
07-07-2016 - 11:51 03-07-2016 - 10:59
CVE-2014-9583 10.0
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass au
30-06-2016 - 13:54 08-01-2015 - 15:59
CVE-2013-5755 10.0
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remot
26-05-2016 - 08:33 16-07-2014 - 10:19
CVE-2014-9727 10.0
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
06-04-2016 - 08:49 29-05-2015 - 11:59
CVE-2014-1635 10.0
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
31-03-2016 - 13:35 12-11-2014 - 11:55
CVE-2013-6023 7.8
Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firmware 3.2.0.P-3520A-00 and earlier allows remote attackers to read arbitrary files via .. (dot dot) in the URI.
31-03-2016 - 13:31 02-11-2013 - 17:55
CVE-2016-2278 9.0
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism
04-03-2016 - 12:25 02-03-2016 - 06:59
CVE-2015-3628 9.0
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WO
08-12-2015 - 16:03 07-12-2015 - 15:59
CVE-2015-2049 9.0
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
24-11-2015 - 11:54 23-02-2015 - 12:59
CVE-2015-6811 7.5
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
04-09-2015 - 14:59 04-09-2015 - 11:59
CVE-2014-4645 4.3
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-Link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
02-09-2015 - 13:16 25-06-2014 - 16:55
CVE-2014-3976 5.0
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sy
02-09-2015 - 13:01 05-06-2014 - 13:55
CVE-2013-6021 9.3
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
27-07-2015 - 12:11 19-10-2013 - 06:36
CVE-2014-0620 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerou
24-07-2015 - 14:38 08-01-2014 - 10:30
CVE-2015-2866 7.5
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
09-07-2015 - 10:32 08-07-2015 - 10:59
CVE-2014-8653 4.3
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.
18-02-2015 - 13:04 06-11-2014 - 10:55
CVE-2014-8272 5.0
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-f
05-02-2015 - 15:13 19-12-2014 - 06:59
CVE-2014-2927 9.3
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, doe
26-01-2015 - 13:32 15-10-2014 - 10:55
CVE-2015-1028 3.5
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domainname parameter to dnsProxy.cmd (DNS Proxy Configur
26-01-2015 - 07:55 21-01-2015 - 10:28
CVE-2015-0554 9.4
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (devi
23-01-2015 - 15:43 21-01-2015 - 13:59
CVE-2014-9195 7.5
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.
22-01-2015 - 10:18 16-01-2015 - 21:59
CVE-2014-10019 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or
13-01-2015 - 19:24 13-01-2015 - 06:59
CVE-2014-10018 4.3
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
13-01-2015 - 19:24 13-01-2015 - 06:59
CVE-2014-9350 5.0
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.
23-12-2014 - 12:12 08-12-2014 - 11:59
CVE-2014-8493 5.0
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
16-12-2014 - 22:00 20-11-2014 - 12:50
CVE-2014-9144 7.5
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
05-12-2014 - 20:41 05-12-2014 - 10:59
CVE-2014-9143 4.3
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
05-12-2014 - 15:00 05-12-2014 - 10:59
CVE-2014-9142 4.3
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
05-12-2014 - 14:59 05-12-2014 - 10:59
CVE-2014-8657 5.0
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.
06-11-2014 - 14:24 06-11-2014 - 10:55
CVE-2014-8656 10.0
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attacke
06-11-2014 - 14:20 06-11-2014 - 10:55
CVE-2014-8655 5.0
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData coo
06-11-2014 - 14:12 06-11-2014 - 10:55
CVE-2014-8654 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators f
06-11-2014 - 14:05 06-11-2014 - 10:55
CVE-2014-2937
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descr
05-11-2014 - 19:55 05-11-2014 - 19:55
CVE-2013-3304 5.0
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
31-10-2014 - 15:04 30-10-2014 - 10:55
CVE-2014-7281 6.8
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/
24-10-2014 - 09:02 23-10-2014 - 10:55
CVE-2012-1417 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.
17-09-2014 - 15:10 17-09-2014 - 10:55
CVE-2014-5246 10.0
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
27-08-2014 - 20:03 22-08-2014 - 10:55
CVE-2013-5758 9.0
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissio
04-08-2014 - 10:13 03-08-2014 - 14:55
CVE-2013-5757 4.0
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
04-08-2014 - 10:10 03-08-2014 - 14:55
CVE-2013-5756 4.0
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
04-08-2014 - 10:08 03-08-2014 - 14:55
CVE-2013-5759
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5758. Reason: This candidate is not an independent vulnerability; it is resultant from CVE-2013-5758. Notes: All CVE users should reference CVE-2013-5758 instead of this candidat
03-08-2014 - 14:55 03-08-2014 - 14:55
CVE-2014-4155 6.8
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/to
18-07-2014 - 01:24 19-06-2014 - 10:55
CVE-2014-4162 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to
17-07-2014 - 01:07 16-06-2014 - 14:55
CVE-2014-4154 5.0
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
16-07-2014 - 13:49 16-07-2014 - 10:19
CVE-2014-4018 7.8
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
16-07-2014 - 13:44 16-07-2014 - 10:19
CVE-2013-6117 7.5
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
14-07-2014 - 09:33 11-07-2014 - 15:55
CVE-2014-4716 6.8
Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.
07-07-2014 - 09:57 03-07-2014 - 10:55
CVE-2014-3778 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns
20-06-2014 - 10:44 19-06-2014 - 10:55
CVE-2014-2084 8.5
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 do not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/c
13-06-2014 - 00:54 17-05-2014 - 15:55
CVE-2014-3220 9.0
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
23-05-2014 - 00:08 05-05-2014 - 13:06
CVE-2014-3792 6.8
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005_retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewTools_Pas
21-05-2014 - 19:37 20-05-2014 - 10:55
CVE-2014-3138 6.5
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb
20-05-2014 - 00:14 01-05-2014 - 20:55
CVE-2014-2085
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2084. Reason: This issue was MERGED into CVE-2014-2084 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes:
17-05-2014 - 15:55 17-05-2014 - 15:55
CVE-2014-2976 5.0
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
16-05-2014 - 00:26 23-04-2014 - 11:55
CVE-2014-0621 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform
05-05-2014 - 11:23 08-01-2014 - 10:30
CVE-2014-0984 4.3
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtra
24-04-2014 - 01:04 17-04-2014 - 10:55
CVE-2013-7204 6.8
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.
22-04-2014 - 13:09 17-01-2014 - 10:18
CVE-2014-1982 10.0
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request
31-03-2014 - 13:57 31-03-2014 - 10:58
CVE-2013-1605 7.5
Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.
26-03-2014 - 09:59 25-03-2014 - 14:21
CVE-2013-1604 5.0
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
26-03-2014 - 09:53 25-03-2014 - 14:21
CVE-2013-6922 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a cr
22-01-2014 - 14:49 21-01-2014 - 11:06
CVE-2013-6923 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.ph
10-01-2014 - 10:51 09-01-2014 - 13:55
CVE-2013-2751 10.0
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to th
13-12-2013 - 12:19 12-12-2013 - 13:55
CVE-2013-6852 6.8
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
22-11-2013 - 14:03 21-11-2013 - 20:55
CVE-2013-4630 7.6
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
02-11-2013 - 23:34 20-06-2013 - 11:55
CVE-2013-0126 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administ
07-10-2013 - 16:31 21-03-2013 - 16:55
CVE-2013-3614 9.3
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
25-09-2013 - 14:07 17-09-2013 - 08:04
CVE-2013-3615 7.8
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
17-09-2013 - 14:37 17-09-2013 - 08:04
CVE-2013-3613 7.8
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
17-09-2013 - 14:35 17-09-2013 - 08:04
CVE-2013-3612 10.0
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a stan
17-09-2013 - 12:15 17-09-2013 - 08:04
CVE-2012-2210 7.8
The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116.
08-09-2013 - 02:14 11-04-2012 - 06:39
CVE-2011-4716 5.0
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
22-08-2013 - 02:36 08-12-2011 - 14:55
CVE-2012-1308 6.8
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword paramet
23-07-2013 - 05:33 08-10-2012 - 14:55
CVE-2013-1606 7.5
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
18-07-2013 - 00:00 18-07-2013 - 12:51
CVE-2013-1414 5.1
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) setting
08-07-2013 - 00:00 08-07-2013 - 13:55
CVE-2013-4631 7.8
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.
21-06-2013 - 12:22 20-06-2013 - 11:55
CVE-2012-1803 8.5
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address
20-05-2013 - 23:16 27-04-2012 - 20:55
CVE-2011-5262 7.5
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
13-02-2013 - 00:00 12-02-2013 - 15:55
CVE-2012-6050 6.4
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demon
28-11-2012 - 00:00 26-11-2012 - 23:49
CVE-2007-2586 9.3
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that i
29-10-2012 - 22:48 09-05-2007 - 20:19
CVE-2012-5319 6.8
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpas
09-10-2012 - 00:00 08-10-2012 - 14:55
CVE-2012-5320 6.8
Cross-site request forgery (CSRF) vulnerability in password.cgi in Sagem F@ST 2604 253180972B allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
09-10-2012 - 00:00 08-10-2012 - 14:55
CVE-2012-5306 9.3
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute a
08-10-2012 - 00:00 06-10-2012 - 18:55
CVE-2012-2277 7.8
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch
28-09-2012 - 23:17 14-05-2012 - 18:55
CVE-2012-2276 7.8
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (
28-09-2012 - 23:17 14-05-2012 - 18:55
CVE-2012-4889 4.3
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab param
11-09-2012 - 12:50 10-09-2012 - 18:55
CVE-2012-4876 10.0
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
07-09-2012 - 00:00 06-09-2012 - 17:55
CVE-2012-4031 5.0
Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85.
24-08-2012 - 00:00 17-07-2012 - 17:55
CVE-2012-4362 4.0
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.
21-08-2012 - 14:24 20-08-2012 - 18:55
CVE-2012-2986 7.7
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists b
21-08-2012 - 00:00 20-08-2012 - 18:55
CVE-2012-4361 7.7
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
21-08-2012 - 00:00 20-08-2012 - 18:55
CVE-2012-4330 7.8
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
15-08-2012 - 16:06 14-08-2012 - 18:55
CVE-2012-4329 7.8
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.
15-08-2012 - 16:03 14-08-2012 - 18:55
CVE-2012-0407 5.0
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
13-08-2012 - 23:34 20-04-2012 - 00:02
CVE-2012-0406 7.8
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that
13-08-2012 - 23:33 20-04-2012 - 00:02
CVE-2006-2108 7.8
parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow.
06-08-2012 - 00:00 29-04-2006 - 06:02
CVE-2009-0695 7.5
hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.
26-06-2012 - 00:00 19-06-2012 - 16:55
CVE-2009-0693 7.5
Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.
20-06-2012 - 00:00 19-06-2012 - 16:55
CVE-2012-2441 8.5
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, an
30-04-2012 - 13:35 27-04-2012 - 20:55
CVE-2011-5010 10.0
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
16-02-2012 - 23:10 24-12-2011 - 20:55
CVE-2011-2544 3.5
Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-
13-02-2012 - 23:07 23-09-2011 - 06:55
CVE-2011-2543 9.0
Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long
13-02-2012 - 23:07 23-09-2011 - 06:55
CVE-2011-2577 7.8
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP
13-02-2012 - 00:00 31-08-2011 - 19:55
CVE-2010-1029 5.0
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (ap
26-01-2012 - 22:49 19-03-2010 - 17:30
CVE-2012-0902 5.0
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.
23-01-2012 - 10:24 20-01-2012 - 12:55
CVE-2011-0887 4.3
The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack o
21-09-2011 - 23:29 08-02-2011 - 17:00
CVE-2011-0886 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for
21-09-2011 - 23:29 08-02-2011 - 17:00
CVE-2011-0885 10.0
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) we
21-09-2011 - 23:29 08-02-2011 - 17:00
CVE-2011-0354 10.0
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an uns
21-09-2011 - 23:28 03-02-2011 - 11:00
CVE-2010-4107 7.8
The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the dev
21-09-2011 - 23:25 17-11-2010 - 11:00
CVE-2008-1160 7.5
ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.
31-03-2011 - 00:00 24-03-2008 - 20:44
CVE-2009-0545 10.0
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
07-03-2011 - 22:18 12-02-2009 - 18:30
CVE-2008-4876 4.3
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not proper
07-03-2011 - 22:13 01-11-2008 - 02:00
CVE-2008-4875 6.8
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be levera
07-03-2011 - 22:13 01-11-2008 - 02:00
CVE-2008-4874 5.0
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
07-03-2011 - 22:13 01-11-2008 - 02:00
CVE-2008-4135 7.8
Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames.
07-03-2011 - 22:12 19-09-2008 - 13:15
CVE-2008-3571 7.8
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
07-03-2011 - 22:11 10-08-2008 - 16:41
CVE-2008-0680 7.8
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
07-03-2011 - 22:05 11-02-2008 - 20:00
CVE-2008-0403 5.5
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
07-03-2011 - 22:04 23-01-2008 - 07:00
CVE-2007-5036 5.0
Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) pos
07-03-2011 - 21:59 23-09-2007 - 20:17
CVE-2007-2270 7.8
The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
07-03-2011 - 21:53 25-04-2007 - 16:19
CVE-2007-0883 5.0
Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
07-03-2011 - 21:50 12-02-2007 - 15:28
CVE-2007-0528 9.0
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote a
07-03-2011 - 21:50 25-01-2007 - 20:28
CVE-2006-6538 7.8
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wi
07-03-2011 - 21:46 13-12-2006 - 21:28
CVE-2006-4523 5.0
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
07-03-2011 - 21:41 01-09-2006 - 19:04
CVE-2006-4464 5.0
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
07-03-2011 - 21:40 31-08-2006 - 16:04
CVE-2006-0179 5.0
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80.
07-03-2011 - 00:00 11-01-2006 - 16:03
CVE-2010-4507 9.3
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execut
12-01-2011 - 00:00 30-12-2010 - 14:00
CVE-2010-4231 7.8
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot)
18-11-2010 - 13:17 16-11-2010 - 20:00
CVE-2010-4230 9.3
Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argu
18-11-2010 - 00:00 16-11-2010 - 20:00
CVE-2010-4233 10.0
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes i
18-11-2010 - 00:00 16-11-2010 - 20:00
CVE-2010-4234 7.8
The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval.
18-11-2010 - 00:00 16-11-2010 - 20:00
CVE-2010-4232 10.0
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as de
17-11-2010 - 00:00 16-11-2010 - 20:00
CVE-2010-2860 9.3
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data
17-09-2010 - 01:48 05-08-2010 - 09:22
CVE-2009-4753 7.1
Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command.
21-06-2010 - 00:00 29-03-2010 - 14:30
CVE-2010-2307 5.0
Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot
17-06-2010 - 00:00 16-06-2010 - 16:30
CVE-2010-1226 5.0
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to
02-04-2010 - 00:00 01-04-2010 - 18:30
CVE-2010-0936 4.3
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
08-03-2010 - 00:00 08-03-2010 - 10:30
CVE-2009-4196 4.3
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1;
17-12-2009 - 00:00 04-12-2009 - 06:30
CVE-2009-4197 4.7
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain t
04-12-2009 - 00:00 04-12-2009 - 06:30
CVE-2009-3962 7.8
The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, 2071, 2700HG, and 2701HG-T with software before 5.29.52 allows remote attackers to cause a denial of service (reboot) via a %0d%0a sequence in the page parameter to the xslt progra
18-11-2009 - 00:00 17-11-2009 - 13:30
CVE-2009-3322 7.8
The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723.
23-09-2009 - 00:00 23-09-2009 - 08:08
CVE-2009-3271 4.3
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
22-09-2009 - 12:37 21-09-2009 - 15:30
CVE-2009-2258 7.8
Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.
22-09-2009 - 00:00 30-06-2009 - 06:30
CVE-2008-1244 10.0
cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware 9.01.10 does not require authentication, which allows remote attackers to perform administrative actions, as demonstrated by changing a DNS server via the dns1_1, dns1_2, dns1_3, and
29-08-2009 - 01:12 10-03-2008 - 13:44
CVE-2008-6976 6.4
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
28-08-2009 - 00:00 19-08-2009 - 01:24
CVE-2008-7115 10.0
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe,
28-08-2009 - 00:00 28-08-2009 - 11:30
CVE-2008-7065 7.8
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.
25-08-2009 - 00:00 25-08-2009 - 06:30
CVE-2008-4380 7.8
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
19-08-2009 - 01:19 01-10-2008 - 11:38
CVE-2008-6975 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the
18-08-2009 - 00:00 14-08-2009 - 11:16
CVE-2009-2765 8.3
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
17-08-2009 - 00:00 14-08-2009 - 11:16
CVE-2009-2766 7.5
httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests.
15-08-2009 - 00:00 14-08-2009 - 11:16
CVE-2008-6974 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2)
14-08-2009 - 00:00 14-08-2009 - 11:16
CVE-2008-6916 10.0
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
10-08-2009 - 00:00 07-08-2009 - 15:00
CVE-2008-6605 6.8
Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet c
23-07-2009 - 00:00 06-04-2009 - 10:30
CVE-2009-2306 7.5
The ARD-9808 DVR card security camera stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing usernames and passwords via a direct request for dvr.ini.
02-07-2009 - 12:12 02-07-2009 - 06:30
CVE-2009-2305 7.8
The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
02-07-2009 - 00:00 02-07-2009 - 06:30
CVE-2009-2256 7.8
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.
30-06-2009 - 00:00 30-06-2009 - 06:30
CVE-2009-2257 7.8
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) fo
30-06-2009 - 00:00 30-06-2009 - 06:30
CVE-2009-0649 7.8
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
25-06-2009 - 00:00 20-02-2009 - 13:30
CVE-2008-6824 10.0
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
23-06-2009 - 01:30 04-06-2009 - 12:30
CVE-2008-6823 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that
11-06-2009 - 00:00 04-06-2009 - 12:30
CVE-2009-0393 3.5
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
21-04-2009 - 00:00 02-02-2009 - 20:30
CVE-2009-1227 10.0
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a
08-04-2009 - 01:37 02-04-2009 - 11:30
CVE-2009-1152 7.3
Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection.
26-03-2009 - 00:00 26-03-2009 - 10:30
CVE-2009-0680 7.8
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
23-02-2009 - 00:00 22-02-2009 - 17:30
CVE-2009-0392 6.8
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.
03-02-2009 - 00:00 02-02-2009 - 20:30
CVE-2008-1094 6.5
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals actio
29-01-2009 - 01:46 19-12-2008 - 12:30
CVE-2008-4295 5.4
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot
18-11-2008 - 02:21 27-09-2008 - 06:30
CVE-2007-6702 5.0
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than C
15-11-2008 - 02:06 04-03-2008 - 14:44
CVE-2007-6638 10.0
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
15-11-2008 - 02:05 03-01-2008 - 19:46
CVE-2008-1242 10.0
The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticat
11-10-2008 - 01:51 10-03-2008 - 13:44
CVE-2008-1247 10.0
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.t
10-09-2008 - 21:07 10-03-2008 - 13:44
CVE-2008-1245 7.8
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.
05-09-2008 - 17:37 10-03-2008 - 13:44
CVE-2008-0804 6.8
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
05-09-2008 - 17:36 18-02-2008 - 19:00
CVE-2007-5583 7.8
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerabilit
05-09-2008 - 17:31 17-12-2007 - 20:46
CVE-2006-5202 5.0
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout pa
05-09-2008 - 17:11 10-10-2006 - 00:06