Dlink DIR-600L Hardware Version AX Firmware Version 1.00 - CSRF Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Dlink DIR-600L Hardware Version AX Firmware Version 1.00 CSRF Vulnerability Google Dork: N/A Date: 20/03/2014 Exploit Author: Dhruv Shah Vendor Homepage:...

D-Link DIR-600L Cross Site Request Forgery

Exploit Title: Dlink DIR-600L Hardware Version AX Firmware Version 1.00 CSRF Vulnerability Google Dork: N/A Date: 20/03/2014 Exploit Author: Dhruv Shah Vendor Homepage: http://www.dlink.com/us/en/home-solutions/connect/routers/dir-600l-wireless-n-150-home-cloud-router Software Link: N/A Hardware...

USN-2134-1: Linux kernel (OMAP4) vulnerabilities

Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. CVE-2013-4579 Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine KVM...

Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2129-1)

An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. CVE-2013-0160 Vasily Kulikov reported a flaw in the...

A10 Networks Loadbalancer - Directory Traversal

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- A10 Networks Loadbalancer SoftAX /xml/downloads/?filename=/a10data/tmp/. By sending a GET request to "https:///xml/downloads/?filename=/a10data/tmp/../.." and thus keeping /a10data/tmp,...

A10 Networks AX Loadbalancer Directory Traversal

This module exploits a directory traversal flaw found in A10 Networks Soft AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less. When handling a file download request, the xml/downloads class fails to properly check the 'filename' parameter, which can be abused to read any file outside the virtual...

A10 Networks Loadbalancer Directory Traversal

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- A10 Networks Loadbalancer SoftAX /xml/downloads/?filename=/a10data/tmp/. By sending a GET request to "https:///xml/downloads/?filename=/a10data/tmp/../.." and thus keeping /a10data/tmp,...

Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A

Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page. We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin MS14-004, the update for Microsoft Word MS14-001 and the re-release of the Windows 7 and Windows Serve...

CVE-2014-0261

Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service instance outage via crafted data to an Application Object Server AOS instance, aka "Query Filter DoS Vulnerability."...

Design/Logic Flaw

Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service instance outage via crafted data to an Application Object Server AOS instance, aka "Query Filter DoS Vulnerability."...

CVE-2014-0261

CVE-2014-0261 affects Microsoft Dynamics AX platforms: 4.0 SP2, 2009 SP1, 2012, and 2012 R2. The issue is a remote denial of service via crafted data to the Application Object Server (AOS), also called the Query Filter DoS vulnerability. Exploitation requires remote authenticated access. Impact i...

CVE-2014-0261

Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service instance outage via crafted data to an Application Object Server AOS instance, aka "Query Filter DoS Vulnerability."...

Microsoft Dynamics AX DoS

Query filter hangs on request processing...

Microsoft January 2014 Patch Tuesday Security Updates

Microsoft is entering softly into 2014 with a minimalist version of Patch Tuesday, which is likely to be a welcome reprieve. Windows shops can expect a busy re-tooling year ahead as Microsoft not only ends support—including security updates—for Windows XP, but also will restrict the use of MD5 in...

Microsoft Releases January 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...

KLA10606 Denial of service vulnerability in Microsoft Dynamics AX

An unspecified vulnerability was found in Dynamics AX. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed data. Original advisories CVE-2014-0261 Related products Microsoft-Dynamics-AX CVE list...

MS14-004: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

The version of Microsoft Dynamics AX installed on the remote host has a denial of service vulnerability in the Application Object Server instance. By exploiting this flaw, a remote, authenticated attacker could crash the affected service. C Tenable Network Security, Inc. include'compat.inc'; if...

MS14-004: Vulnerability in Microsoft Dynamics AX could allow denial of service: January 14, 2014

Resolves a vulnerability in Microsoft Dynamics AX that could allow denial of service if an authenticated attacker submits specially crafted data to an affected Dynamics AX server. An attacker who successfully exploited this vulnerability could cause the target Dynamics AX server to stop respondin...

Microsoft Dynamics AX CVE-2014-0261 Remote Denial of Service Vulnerability

Description Microsoft Dynamics AX is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application to crash or become unresponsive, denying service to legitimate users. Technologies Affected Microsoft Dynamics AX 2009 Service Pack 1 Microsoft Dynami...

Microsoft Releases Advance Notification for January Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating its January release will contain four bulletins. These bulletins will have the severity rating of important and will be for Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, a multi-language,...