1073 matches found
Design/Logic Flaw
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors...
CVE-2008-2824
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors...
CVE-2008-2824
CVE-2008-2824 affects Xerox WorkCentre 7655/7665/7675 via the Extensible Interface Platform (EIP) Web Services. A remote attacker can request configuration changes through an unspecified vector. The NVD entry lists a CVSS v2 base score of 10.0 (HIGH) with network access, no authentication, and im...
Flat Calendar 1.1 - Multiple Administrative Scripts Authentication Bypass Vulnerabilities
Source: https://www.securityfocus.com/bid/29662/info. Flat Calendar is prone to multiple authentication-bypass vulnerabilities because it fails to perform adequate authentication checks. An attacker can explo...
SNMP Version 3 Authentication Vulnerabilities
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network informati...
Linksys WRT54g authentication bypass
Configuration changes are applied without authentication through Web interface...
Airspan ProST WiMAX Device - Web Interface Authentication Bypass
Source: https://www.securityfocus.com/bid/28122/info. Airspan ProST WiMAX device is prone to an authentication-bypass vulnerability because it fails to perform adequate authentication checks in the web interface. An attacker can...
AirSpan WiMAX ProST web management interface authentication bypass vulnerability
Overview: The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes. Description: The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web...
Design/Logic Flaw
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes...
CVE-2008-0350
CVE-2008-0350 affects Evilsentinel 1.0.9 and earlier. The admin/index.php script redirects without exiting, enabling remote attackers to gain administrative privileges and perform arbitrary configuration changes. The NVD entry notes a network-exposed vulnerability with partial impact to confidentiality, int...
CVE-2008-0350
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes...
Linksys WRT54 GL - Session riding (CSRF)
Team Intell Security Advisory TISA2008-01: Linksys WRT54 GL - Session riding (CSRF)...
PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users
Description: BEA Plumtree portal 6.0 is vulnerable to username leakage through the search facility. By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP reques...
CVE-2007-4822
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators...
CVE-2007-4387
Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators...
CVE-2007-4387
CVE-2007-4387 affects 2Wire routers (1701HG, 2071) with software versions 3.17.5/5.29.51. The flaw is a cross-site request forgery on the /xslt page that allows an attacker to perform configuration changes as an administrator. Related public material (PacketStorm, Metasploit module) confirms a CS...