291 matches found
[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
Hi, You can read the usernames and MD5 hashed passwords of all the users in the Device Expert application by sending an unauthenticated request. I am releasing this as a 0 day as ManageEngine have responded that they do not consider this a priority and won't fix it in the near future unless a...
ManageEngine DeviceExpert 5.9 Credential Disclosure
Hi, You can read the usernames and MD5 hashed passwords of all the users in the Device Expert application by sending an unauthenticated request. I am releasing this as a 0 day as ManageEngine have responded that they do not consider this a priority and won't fix it in the near future unless a...
D-Link AP 3200 Multiple Vulnerabilities
Exploit for hardware platform in category web applications Those vulnerabilities have only been tested on the D-Link AP 3200 serie but other series 8600, 7700, 2700, .. might also be vulnerable. 1. Unauthenticated request to change Wireless settings To do so, you just need to craft a specific POS...
D-Link AP 3200 Missing Authentication / Cleartext Secret Storage
Exploit Title: D-Link AP 3200 Multiple Vulnerabilities Date: 29/07/2014 Exploit Author: pws Vendor Homepage: http://www.dlink.com/ Firmware Link: http://ftp.dlink.ru/pub/Wireless/DWL-3200AP/Firmware/ Tested on: Latest version Shodan d0rk: "Server: Allegro-Software-RomPager/4.06" 12000 devices CVE...
D-Link AP 3200 - Multiple Vulnerabilities
D-Link AP 3200 - Multiple Vulnerabilities Exploit Title: D-Link AP 3200 Multiple Vulnerabilities Date: 29/07/2014 Exploit Author: pws Vendor Homepage: http://www.dlink.com/ Firmware Link: http://ftp.dlink.ru/pub/Wireless/DWL-3200AP/Firmware/ Tested on: Latest version Shodan d0rk: "Server:...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
TLS: MITM attacks via session renegotiation
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
TLS Renegotiation (CVE-2009-3555)
Transport Layer Security TLS and Secure Sockets Layer SSL are cryptographic protocols that provide security for communications over networks. A spoofing vulnerability exists in multiple implementations of these protocols. The vulnerability is due to the flaw in the renegotiation aspect of the TLS...
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...
CVE-2002-0352
Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication...