CyberSecurityBoard
Sponsor Register Login

CVE-2024-0291

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

This Cyber News was published on www.tenable.com. Publication date: Mon, 08 Jan 2024 04:41:03 +0000


Cyber News related to CVE-2024-0291

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
4 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
11 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
8 months ago Tenable.com
CVE-2024-0291 - A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command ...
1 year ago Tenable.com
CVE-2017-0291 - Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code ...
5 years ago
CVE-2017-0292 - Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code ...
5 years ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - Google has rolled out an urgent security update for Chrome, addressing four high-severity vulnerabilities that could allow attackers to execute malicious code or compromise user data. The update, Chrome version 133.0.6943.98/.99 for Windows/Mac and ...
6 days ago Cybersecuritynews.com
CVE-2001-0291 - Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. ...
19 years ago
CVE-2000-0291 - Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document. ...
16 years ago
CVE-2002-0291 - Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time. ...
8 years ago
CVE-2003-0291 - 3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets. ...
7 years ago
CVE-2004-0291 - SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter. ...
7 years ago
CVE-2021-0291 - An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which ...
2 years ago
CVE-2005-0291 - Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. ...
7 years ago
CVE-2006-0291 - Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and ...
7 years ago
CVE-2007-0291 - Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02. ...
7 years ago
CVE-2011-0291 - The BlackBerry PlayBook service on the Research In Motion (RIM) BlackBerry PlayBook tablet with software before 1.0.8.6067 allows local users to gain privileges via a crafted configuration file in a backup archive. ...
7 years ago
CVE-2012-0291 - Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution ...
7 years ago
CVE-2016-0291 - IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302. ...
6 years ago
CVE-2009-0291 - Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. ...
6 years ago
CVE-2008-0291 - SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. ...
6 years ago
CVE-2013-0291 - NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability ...
5 years ago
CVE-2019-0291 - Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted. ...
4 years ago
CVE-2020-0291 - In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised Firmware needed. User interaction is not needed for ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)