|
272901
|
8.6 |
HIGH
Network
|
zyxel
|
gs1900-10hp_firmware
|
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by pred…
|
NVD-CWE-Other
|
CVE-2015-5987
|
2024-11-21 11:34 |
2016-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272902
|
8.0 |
HIGH
Adjacent
|
zyxel
|
pmg5318-b20a_firmware
|
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6020
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272903
|
8.5 |
HIGH
Network
|
zyxel
|
pmg5318-b20a_firmware
|
The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by…
|
NVD-CWE-Other
|
CVE-2015-6019
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272904
|
9.8 |
CRITICAL
Network
|
zyxel
|
pmg5318-b20a_firmware
|
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-6018
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272905
|
6.1 |
MEDIUM
Network
|
zyxel
|
p-660hw-t1_v2_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via t…
|
CWE-79
Cross-site Scripting
|
CVE-2015-6017
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272906
|
9.8 |
CRITICAL
Network
|
zyxel
|
nbg-418n
zynos_firmware
pmg5318-b20a_firmware
|
ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows re…
|
CWE-255
Credentials Management
|
CVE-2015-6016
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272907
|
8.8 |
HIGH
Network
|
mediabridge
|
medialink_mwn-wapr300n_firmware
|
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2015-5996
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272908
|
9.8 |
CRITICAL
Network
|
tenda
mediabridge
|
n3_wireless_n150
medialink_mwn-wapr300n_firmware
|
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Coo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5995
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272909
|
6.8 |
MEDIUM
Adjacent
|
mediabridge
|
medialink_mwn-wapr300n_firmware
|
The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the media…
|
CWE-255
Credentials Management
|
CVE-2015-5994
|
2024-11-21 11:34 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272910
|
6.5 |
MEDIUM
Network
|
progress
|
whatsup_gold
|
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.a…
|
CWE-89
SQL Injection
|
CVE-2015-6004
|
2024-11-21 11:34 |
2015-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
