[CLOSE] OSVDB ID : 73292 - Disclosed: 2011-06-10

Description:

(Description Provided by CVE) : The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

[CLOSE] OSVDB ID : 43038 - Disclosed: 2008-02-27

Description:

(Description Provided by CVE) : dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

[CLOSE] OSVDB ID : 72896 - Disclosed: 2007-03-17

Description:

(Description Provided by CVE) : The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.

[CLOSE] OSVDB ID : 56165 - Disclosed: 2009-04-16

Description:

(Description Provided by CVE) : The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.

[CLOSE] OSVDB ID : 48990 - Disclosed: 2008-10-06

Description:

(Description Provided by CVE) : The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.

[CLOSE] OSVDB ID : 13446 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.

[CLOSE] OSVDB ID : 32279 - Disclosed: 2006-12-14

Description:

(Description Provided by CVE) : Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).

[CLOSE] OSVDB ID : 69883 - Disclosed: 2010-12-11

Description:

D-Bus contains a flaw that may allow a local denial of service. The issue is triggered when an error when processing messages containing nested variants is exploited to cause a stack overflow, leading to a loss of availability.

[CLOSE] OSVDB ID : 50644 - Disclosed: 2008-12-05

Description:

(Description Provided by CVE) : The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

[CLOSE] OSVDB ID : 59448 - Disclosed: 2003-02-16

Description:

D-Forum contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'footer.php3' script not properly sanitizing user input supplied to the 'my_footer' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 59447 - Disclosed: 2003-02-16

Description:

D-Forum contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'header.php3' script not properly sanitizing user input supplied to the 'my_header' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 14355 - Disclosed: 2005-03-03

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.

[CLOSE] OSVDB ID : 48017 - Disclosed: 2008-09-11

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.

[CLOSE] OSVDB ID : 62589 - Disclosed: 2009-08-24

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 17029 - Disclosed: 2005-05-26

Description:

(Description Provided by CVE) : D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.

[CLOSE] OSVDB ID : 16691 - Disclosed: 2005-05-19

Description:

(Description Provided by CVE) : D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.

[CLOSE] OSVDB ID : 55108 - Disclosed: 2003-05-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25787 - Disclosed: 2006-05-27

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.

[CLOSE] OSVDB ID : 79222 - Disclosed: 2012-01-31

Description:

D-Link DAP-1150 contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions of multiple functions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into changing the administrator's password, rebooting the device, or changing the device configuration in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 66164 - Disclosed: 2010-05-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 67152 - Disclosed: 2010-05-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66165 - Disclosed: 2010-05-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 55938 - Disclosed: 2009-03-22

Description:

By default, D-Link DAP1353 routers install with a default password for SSH administration. The 'admin' account has a password of 'adminpasswd' which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 76807 - Disclosed: 2011-09-27

Description:

By default, D-Link DCS-2121 installs with a default password. The root account has a password of admin which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 76806 - Disclosed: 2011-09-10

Description:

(Description Provided by CVE) : recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.

[CLOSE] OSVDB ID : 9401 - Disclosed: 2004-08-31

Description:

The D-Link DCS-900 internet camera contains a flaw that may allow a malicious user to remotely change the camera IP address. The issue is triggered when a malicious user sends specially crafted UDP packets to the camera bypassing authentication. It is possible that the flaw may allow the user to change configuration options such as the IP address of the camera resulting in a loss of confidentiality and/or availability.

[CLOSE] OSVDB ID : 88378 - Disclosed: 2012-12-12

Description:

D-Link DCS-932L IP Camera contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the device containing a static encryption key that can be decrypted via the vendor's 'wizard' software. This may allow a remote attacker to gain access to device password information.

[CLOSE] OSVDB ID : 43033 - Disclosed: 2008-02-03

Description:

(Description Provided by CVE) : Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.

[CLOSE] OSVDB ID : 43032 - Disclosed: 2008-02-03

Description:

(Description Provided by CVE) : Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value.

[CLOSE] OSVDB ID : 65500 - Disclosed: 2010-06-08

Description:

(Description Provided by CVE) : The Ping tools web interface in Dlink Di-604 router allows remote authenticated users to cause a denial of service via a large "ip textfield" size.