774 matches found
CVE-2008-0403
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi...
Design/Logic Flaw
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 do not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, o...
CVE-2007-6642
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors...
Cross Site Request Forgery in 2wire routers
Cross Site Request Forgery in 2wire routers Vulnerable Routers: 1701HG, 2071 Gateway Software: v3.17.5, 5.29.51 Password Not Set default Greetz to the Comunidad Underground de México, and to those who helped me test it: Preth00nker, nitr0us, ... I. Background ------------- This is the...
CVE-2007-4174
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors...
CVE-2007-2371
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig...
Default credentials
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system...
Zend Platform 2.2.1 - PHP.INI File Modification
Zend Platform 2.2.1 - PHP.INI File Modification source: https://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'inimodifier' progra...
CVE-2006-5905
Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php...
CVE-2006-5905
Web Directory Pro is affected by CVE-2006-5905. The vulnerability allows remote attackers to perform two unauthorized actions via direct requests to admin/backup_db.php and admin/options.php: (1) backup the database and obtain the backup file, and (2) modify configuration. The CVSS metrics indica...
CVE-2002-2218
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value...
Linksys multiple remote vulnerabilities
The remote router is affected by multiple flaws. Description: The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privileges. - Download and...
CVE-2006-1002
NETGEAR WGT624 Wireless DSL router has a default account of superusername "Gearguy" and superpasswd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers...
CVE-2005-4082
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks...
CVE-2005-3723
Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service...
CVE-2004-2556
CVE-2004-2556 affects NetGear WG602 (WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67, which contain a hardcoded administrator account (username: super, password: 5777364). This flaw allows remote attackers to modify the device configuration. The issue is rooted in a hardcoded credential...