Page 2 of 11 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-1168

https://notcve.org/view.php?id=CVE-2016-1168

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos NEC Aterm WF800HP con firmware 1.0.17 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jpn.nec.com/security-info/secinfo/nv16-004.html http://jvn.jp/en/jp/JVN07818796/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-1167

https://notcve.org/view.php?id=CVE-2016-1167

Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en dispositivos NEC Aterm WG300HP permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jpn.nec.com/security-info/secinfo/nv16-005.html http://jvn.jp/en/jp/JVN82020528/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000036 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 97%CPEs: 62EXPL: 3

CVE-2014-8361 – Realtek SDK Improper Input Validation Vulnerability

https://notcve.org/view.php?id=CVE-2014-8361

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. • https://www.exploit-db.com/exploits/37169 http://jvn.jp/en/jp/JVN47580234/index.html http://jvn.jp/en/jp/JVN67456944/index.html http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 http://www.securityfocus.com/bid/74330 http://www.zerodayinitiative.com/advisories/ZDI-15-155 https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos https://web.archive.org/web/20150909230440/ •

CVSS: 3.7EPSS: 0%CPEs: 118EXPL: 0

CVE-2008-1142

https://notcve.org/view.php?id=CVE-2008-1142

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. Rxvt versión 2.6.4 abre una ventana terminal en :0 si no se establece la variable de entorno DISPLAY, lo que podría permitir a los usuarios locales secuestrar conexiones X11. NOTA: más tarde se informó que rxvt-unicode, mrxvt, aterm, multi-aterm y wterm también se ven afectados. • http://article.gmane.org/gmane.comp.security.oss.general/122 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29576 http://secunia.com/advisories/30224 http://secunia.com/advisories/30225 http://secunia.com/advisories/30226 http://secunia.com/advisories/30227 http://secunia.com/advisories/30229 http://secunia.com/advisories/31687 http://security.gentoo.org/glsa/glsa • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2003-0067

https://notcve.org/view.php?id=CVE-2003-0067

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://www.iss.net/security_center/static/11414.php •