Show filters
49 Total Results
Displaying 1-10 of 49
Sort by:
Attacker Value
Unknown
CVE-2025-21194
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Microsoft Surface Security Feature Bypass Vulnerability
0
Attacker Value
Unknown
CVE-2023-35037
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through 1.3.2.357.
0
Attacker Value
Unknown
CVE-2024-49299
Disclosure Date: October 17, 2024 (last updated October 18, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502.
0
Attacker Value
Unknown
CVE-2024-23618
Disclosure Date: January 26, 2024 (last updated February 01, 2024)
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.
0
Attacker Value
Unknown
CVE-2023-35194
Disclosure Date: October 11, 2023 (last updated October 19, 2023)
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`.
0
Attacker Value
Unknown
CVE-2023-35193
Disclosure Date: October 11, 2023 (last updated October 19, 2023)
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.
0
Attacker Value
Unknown
CVE-2023-34356
Disclosure Date: October 11, 2023 (last updated October 19, 2023)
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
Attacker Value
Unknown
CVE-2023-34354
Disclosure Date: October 11, 2023 (last updated October 18, 2023)
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
Attacker Value
Unknown
CVE-2023-28381
Disclosure Date: October 11, 2023 (last updated October 19, 2023)
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
Attacker Value
Unknown
CVE-2023-27380
Disclosure Date: October 11, 2023 (last updated October 19, 2023)
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0
