27 matches found
EUVD-2014-3700
Malware in sbrugna...
EUVD-2014-3699
Malware in sbrugna...
CVE-2014-3760
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3761
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
CVE-2014-3760
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3761
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
Cross site scripting
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3761
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
CVE-2014-3760
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3760
CVE-2014-3760 applies to D-Link DAP-1150 firmware 1.2.94, where multiple CSRF flaws allow remote attackers to hijack administrator sessions and perform actions via index.cgi in the Firewall/DMZ and Control/URL-filter sections (e.g., enabling/disabling DMZ or adding/modifying/deleting URL-filter r...
CVE-2014-3761
The CVE-2014-3761 entry describes a Cross-site scripting (XSS) vulnerability in the D-Link DAP-1150, affected firmware 1.2.94. The issue is triggered by a crafted value in the res_buf parameter sent to index.cgi within the Control/URL-filter section, enabling remote attackers to inject arbitrary ...
PT-2014-5486 · D Link · D-Link Dap 1150
Name of the Vulnerable Software and Affected Versions: D-Link DAP 1150 version 1.2.94 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the res buf parameter to "index.cgi" in the Control/URL-filter section. Recommendations: For D-Lin...
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
D-Link DAP-1150 index.cgi多个参数存储型跨站脚本漏洞
D-link DAP-1150是一款路由器设备。 D-link DAP-1150不正确处理add函数中'resbuf'参数中的'Name', 'IP Addresses Source', 'Destination', 'Ports Source'和'Destination'字段数据,允许攻击者利用漏洞构建恶意URI,诱使用户解析,可获取敏感信息或劫持用户会话。 0 D-link DAP-1150 目前没有详细解决方案: http://www.dlink.com.au/products/?pid=735...
D-Link DAP 1150 Cross Site Request Forgery / Cross Site Scripting D-Link DAP 1150 Cross Site Reques
Exploit for hardware platform in category web applications In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wro...
D-Link DAP 1150 Cross Site Request Forgery / Cross Site Scripting
Hello list! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in Acce...
Exploit for D-Link DAP 1150
Hello! Here is exploit for D-Link DAP 1150. About vulnerabilities in it, which were used in this exploit, I've wrote in 2011. I've presented this exploit in my article "CSRF Attacks on Network Devices" in the magazine PenTest Extra 02/2012 http://pentestmag.com/pentestextra022012/, released in...