
784 matches found

NVD
added 2018/09/11 1:29 p.m. | 16 views

CVE-2018-16832

CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header...

CVSS 6.5 | AI score 6.9 | EPSS 0.00562
Exploits: 1 | References: 1
Prion
added 2018/09/02 6:29 p.m. | 11 views

Cross site request forgery (csrf)

An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save...

CVSS 4.3 | AI score 6.5 | EPSS 0.00447
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/09/02 6:29 p.m. | 23 views

CVE-2018-16337

An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save...

CVSS 6.5 | AI score 6.5 | EPSS 0.00447
Exploits: 1 | References: 1
CVE
added 2018/05/23 4:00 p.m. | 70 views

CVE-2018-8898

The CVE-2018-8898 entry concerns D-Link DSL-3782 routers, where the Login Panel authentication mechanism is flawed. A flaw in the Login Panel allows unauthenticated attackers to perform arbitrary read/write operations on passwords and configurations while an administrator is logged into the web p...

CVSS 9.8 | AI score 9.5 | EPSS 0.13282
Exploits: 5 | References: 2 | Affected Software: 1
0day.today
added 2018/05/16 12:00 a.m. | 51 views

Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Exploit

Exploit for hardware platform in category remote exploits ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...

AI score 0.3 | EPSS 0.10889
Exploits: 5
exploitpack
added 2018/05/16 12:00 a.m. | 16 views

Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution

Inteno IOPSYS 2.0 4.2.0 - p910nd Remote Command Execution ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...

CVSS 9 | AI score 0.4 | EPSS 0.10889
Exploits: 5
Packet Storm
added 2018/05/10 12:00 a.m. | 38 views

Fastweb FASTGate 0.00.47 Cross Site Request Forgery

Exploit Title: Fastweb FASTgate 0.00.47 CSRF Date: 09-05-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Fastweb Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/ Version: 0.00.47 CVE: CVE-2018-6023 I DESCRIPTION...

AI score 0.2 | EPSS 0.02385
Exploits: 5
Exploit DB
added 2018/05/10 12:00 a.m. | 63 views

Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery

Exploit Title: Fastweb FASTgate 0.00.47 CSRF Date: 09-05-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Fastweb Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/ Version: 0.00.47 CVE: CVE-2018-6023 I DESCRIPTION...

CVSS 8.8 | AI score 8.8 | EPSS 0.02385
Exploits: 5
Talos Blog
added 2018/03/28 12:59 p.m. | 38 views

Vulnerability Spotlight: Multiple Vulnerabilities in Allen Bradley MicroLogix 1400 Series Devices

These vulnerabilities were discovered by Jared Rittle and Patrick DeSantis of Cisco Talos. Summary: Rockwell Automation Allen-Bradley MicroLogix 1400 Programmable Logic Controllers (PLCs) are marketed for use in a variety of different Industrial Control System (ICS) applications and processes. As such...

AI score 7.7 | EPSS 0.37317
Exploits: 7
Cvelist
added 2018/03/20 3:00 p.m. | 9 views

CVE-2017-8176

Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view...

AI score 7.7 | EPSS 0.00937
Exploits: 0 | References: 2
0day.today
added 2018/01/26 12:00 a.m. | 49 views

Dodocool DC38 N300 - Cross-site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: DODOCOOL DC38 N300 Cross-site Request Forgery Date: 17-01-2018 Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: DODOCOOL Vendor Homepage: www.dodocool.com Version: RTN2-AW.GD.R3465.1.20161103 CVE:...

AI score 8.7 | EPSS 0.02764
Exploits: 5
Prion
added 2017/12/19 7:29 a.m. | 13 views

Design/Logic Flaw

Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service by deleting the configuration via a wc.dll?wwMaintEditConfig request which reaches an older version of a West Wind Web Connection HTTP service...

CVSS 10 | AI score 9.2 | EPSS 0.11292
Exploits: 3 | References: 2
Huawei
added 2017/11/29 12:00 a.m. | 39 views

Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products

Multiple denial of service vulnerabilities were disclosed on the Network Time Protocol (NTP) official website. Attackers can exploit these vulnerabilities to cause a denial of service (DoS) condition. If trap service is enabled, an attacker can exploit this vulnerability by sending a specially crafted...

CVSS 7.5 | AI score 7.3 | EPSS 0.52935
Exploits: 12 | Affected Software: 6
Veracode
added 2017/11/17 9:59 a.m. | 18 views

Configuration Modification

October CMS is vulnerable to configuration modification. The library does not validate the type of files allowed to be uploaded, allowing a malicious user to upload malicious Apache configuration files to the server...

CVSS 9.8 | AI score 9.2 | EPSS 0.01237
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2017/11/17 2:00 a.m. | 56 views

CVE-2017-1000194

The CVE-2017-1000194 entry concerns October CMS, specifically build 412. The vulnerability enables modification of Apache configuration through the file upload feature, which can lead to site compromise and potentially affect other applications on the same server. The description across connected...

CVSS 9.8 | AI score 9.4 | EPSS 0.01237
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/10/27 2:00 p.m. | 25 views

CVE-2017-6157

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an...

AI score 8.7 | EPSS 0.04013
Exploits: 0 | References: 3
seebug.org
added 2017/10/11 12:00 a.m. | 215 views

Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability (CVE-2016-9310)

Summary: An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...

CVSS 6.4 | AI score 7.4 | EPSS 0.11162
Exploits: 4
CNVD
added 2017/09/21 12:00 a.m. | 2 views

Security Bypass Vulnerability in Multiple Huawei Phones

Huawei Berlin-L21, L21HN, L22, L22HN, L23, L24HN and FRD-L02, L04, L09, L14 and L19 are smartphones from Huawei. A security bypass vulnerability exists in multiple Huawei phones, where an attacker can modify the phone's configuration, which can lead to a bypass of the FRP feature...

CVSS 4.6 | AI score 6.8 | EPSS 0.00197
Exploits: 0 | References: 1
OSV
added 2017/08/29 1:35 a.m. | 1 views

CVE-2017-10833

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors...

CVSS 9.1 | AI score 5.8 | EPSS 0.01543
Exploits: 0 | References: 2
Cvelist
added 2017/08/28 8:00 p.m. | 21 views

CVE-2017-10833

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors...

AI score 9.1 | EPSS 0.01543
Exploits: 0 | References: 2