Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dreambox vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2017-14135
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.
Dreambox Opendreambox 2.0
7.8
CVSSv2
CVE-2008-3936
The web interface in Dreambox DM500C allows remote malicious users to cause a denial of service (application hang) via a long URI.
Dreambox Dm500c
5
CVSSv2
CVE-2011-4716
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and previous versions allows remote malicious users to read arbitrary files via the file parameter.
Dream-multimedia-tv Dreambox Dm800 Hd Se Firmware
Dream-multimedia-tv Dreambox Dm800 Hd Se Firmware 1.5
Dream-multimedia-tv Dreambox Dm800 Hd Se -
Dream-multimedia-tv Dreambox Dm800 Hd Pvr Firmware 1.5
Dream-multimedia-tv Dreambox Dm800 Hd Pvr Firmware 1.6
Dream-multimedia-tv Dreambox Dm800 Hd Pvr -
3 EDB exploits
4.3
CVSSv2
CVE-2017-15287
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
Bouqueteditor Project Bouqueteditor 2.0.0
1 EDB exploit
4.3
CVSSv2
CVE-2015-4714
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote malicious users to inject arbitrary web script or HTML via the mode parameter to /body.
Dream-multimedia-tv Dreambox Dm500-s Firmware
NA
CVE-2022-43644
This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd serv...
Dlink Dir-825\\/ee Firmware
Dlink Dir-825\\/ac Firmware
NA
CVE-2022-40720
This vulnerability allows network-adjacent malicious users to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd se...
Dlink Dir-2150 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started