
CVE-2024-0522 – Allegro RomPager HTTP POST Request cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-0522
14 Jan 2024 — A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. • https://vuldb.com/?ctiid.250692 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-9223
https://notcve.org/view.php?id=CVE-2014-9223
24 Dec 2014 — Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. • http://mis.fortunecook.ie • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-9222 – Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Scanner
https://notcve.org/view.php?id=CVE-2014-9222
24 Dec 2014 — AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability. • https://packetstorm.news/files/id/181134 • CWE-17: DEPRECATED: Code

CVE-2013-6786
https://notcve.org/view.php?id=CVE-2013-6786
16 Jan 2014 — Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sou... • http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')