TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities

Exploit for hardware platform in category web applications ============ Vulnerability Overview: ============ Directory Traversal: Access local files of the device. For example you could read /etc/passwd and /etc/shadow. Request: GET /help/../../etc/passwd HTTP/1.1 Host: 192.168.178.2 User-Agent:...

TP-Link TL-WA701N / TL-WA701ND Directory Traversal / XSS

Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link ============ Vulnerable Firmware Releases: ============ Firmware Version: 3.12.6 Build 110210 Rel.37112n Firmware Version: 3.12.16 Build 120228 Rel.37317n - Published Date 2/28/2012 Hardware Version: WA701N v1 00000000 Model No.: TL-WA701N /...

TP-Link TL-WA701N TL-WA701ND - Multiple Vulnerabilities

TP-Link TL-WA701N TL-WA701ND - Multiple Vulnerabilities Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link ============ Vulnerable Firmware Releases: ============ Firmware Version: 3.12.6 Build 110210 Rel.37112n Firmware Version: 3.12.16 Build 120228 Rel.37317n - Published Date 2/28/2012 Hardwar...

TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities

Device Name: TL-WA701N / TL-WA701ND Vendor: TP-Link ============ Vulnerable Firmware Releases: ============ Firmware Version: 3.12.6 Build 110210 Rel.37112n Firmware Version: 3.12.16 Build 120228 Rel.37317n - Published Date 2/28/2012 Hardware Version: WA701N v1 00000000 Model No.: TL-WA701N /...

apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...

apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...

piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...

Cross-Site Scripting (XSS) vulnerability in gpEasy

Advisory ID: HTB23137 Product: gpEasy Vendor: gpeasy Vulnerable Versions: 3.5.2 and probably prior Tested Version: 3.5.2 Vendor Notification: January 2, 2013 Vendor Patch: January 2, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities

Advisory ID: HTB23120 Product: TVMOBiLi media server Vendor: TVMOBiLi Vulnerable Versions: 2.1.0.3557 and probably prior version Tested Version: 2.1.0.3557 in Windows XP SP3 32 bits Vendor Notification: October 15, 2012 Vendor Patch: November 21, 2012 Public Disclosure: December 5, 2012...

Cartweaver <= 3.0 LFI Vulnerability - Active Check

Cartweaver is prone to a local file inclusion LFI vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Trombinoscope <= 3.5 SQLi Vulnerability - Active Check

Trombinoscope is prone to an SQL injection SQLi vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Oxide Webserver 2.0.4 Denial Of Service

Title : Oxide Webserver Remote Denial of Service Vulnerability Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://sourceforge.net/projects/oxide/ Advisory : http://secpod.org/blog/?p=516 : http://secpod.org/advisories/SecPodOxideWebServerDoSVuln.txt Software : Oxide Webserver...

Oxide Webserver 2.0.4 Denial of Service Vulnerability

Exploit for windows platform in category dos / poc Overview: --------- Oxide Webserver v2.0.4 is prone to a remote Denial of Service vulnerability as it fails to handle crafted requests from the client properly. Technical Description: ---------------------- The vulnerability is caused by an error...

Ubuntu Update for puppet USN-1506-1

Ubuntu Update for Linux kernel vulnerabilities USN-1506-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15061.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for puppet USN-1506-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

HP Operations Agent code execution

coda.exe buffer overflow on HTTP GET request processing...

Bluadmin Multiple SQLi Vulnerabilities - Active Check

Bluadmin is prone to multiple SQL injection SQLi vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Citrix XenServer vSwitch Controller Component Multiple Vulnerabilities (CTX132476) - Active Check

Citrix XenServer is prone to multiple unspecified vulnerabilities. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Tiny Server <= 1.1.5 Information Disclosure Vulnerability - Active Check

Tiny Server is prone to arbitrary file disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Semantic Enterprise Wiki <= 1.6.0_2 XSS Vulnerability - Active Check

Semantic Enterprise Wiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Netmechanica NetDecision Traffic Grapher Server - Information Disclosure

Netmechanica NetDecision Traffic Grapher Server - Information Disclosure Title : Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability Author : Prabhu S Angadi SecPod Technologies www.secpod.com Vendor : http://www.netmechanica.com Advisory :...