Lucene search
+L

350 matches found

RedHat Linux
RedHat Linux
added 2008/04/08 11:28 p.m.5 views

Flash Player cross domain HTTP header flaw

Interaction error between Adobe Flash and multiple Universal Plug and Play UPnP services allow remote attackers to perform Cross-Site Request Forgery CSRF style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated by changing the primar...

4.3CVSS5.9AI score0.04796EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2007/04/10 12:0 a.m.169 views

MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)

The remote version of Windows contains a flaw in the http request handler the Plug and Play service that could allow an attacker to execute arbitrary code on the remote host with the service privileges. Tenable Network Security, Inc. include"compat.inc"; if description scriptid25022;...

6.8CVSS6AI score0.08838EPSS
Exploits0References2
securityvulns
securityvulns
added 2006/07/22 12:0 a.m.117 views

D-Link Router UPNP Stack Overflow

D-Link Router UPNP Stack Overflow Release Date: July 13, 2006 Date Reported: February 27, 2006 Patch Development Time In Days: 136 Severity: High Remote Code Execution Vendor: D-Link Routers Affected: DI-524 Rev A DI-524 Rev C DI-524 Rev D DI-604 Rev E DI-624 Rev C DI-624 Rev D DI-784 Rev A...

0.3AI score
Exploits0
NVD
NVD
added 2006/07/21 2:3 p.m.28 views

CVE-2006-3687

Stack-based buffer overflow in the Universal Plug and Play UPnP service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long...

7.5CVSS8.1AI score0.19134EPSS
Exploits0References11
Cvelist
Cvelist
added 2006/07/18 9:0 p.m.29 views

CVE-2006-3687

Stack-based buffer overflow in the Universal Plug and Play UPnP service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long...

8.1AI score0.19134EPSS
Exploits0References11
CVE
CVE
added 2006/07/18 9:0 p.m.80 views

CVE-2006-3687

The CVE-2006-3687 issue is a stack-based buffer overflow in the UPnP service of several D-Link routers (DI-524, DI-604, DI-624, DI-784, WBR-1310, WBR-2310, EBR-2310) triggered by an oversized M-SEARCH UDP 1900 request. The CERT document notes this could allow a remote attacker to execute arbitrar...

7.5CVSS8.1AI score0.19134EPSS
Exploits0References11Affected Software7
Positive Technologies
Positive Technologies
added 2006/07/03 12:0 a.m.5 views

PT-2006-4236 · None +1 · Upnp +1

Name of the Vulnerable Software and Affected Versions: Siemens Speedstream Wireless Router version 2624 Description: The issue allows local users to bypass authentication and access protected files by utilizing the Universal Plug and Play UPnP/1.0 component. Recommendations: For Siemens Speedstre...

7.5CVSS6.6AI score0.01524EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2006/05/24 12:0 a.m.5 views

PT-2006-3507 · Edimax · Edimax Br-6104K

Name of the Vulnerable Software and Affected Versions: Edimax BR-6104K router affected versions not specified Description: The issue allows remote attackers to bypass access restrictions and conduct unauthorized operations. This is achieved via a UPnP request with a modified InternalClient...

7.5CVSS6.6AI score0.01548EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2006/05/24 12:0 a.m.3 views

PT-2006-3506 · Sitecom · Sitecom Wl-153

Name of the Vulnerable Software and Affected Versions: Sitecom WL-153 router firmware versions prior to 1.38 Description: The issue allows remote attackers to bypass access restrictions and conduct unauthorized operations. This is achieved via a UPnP request with a modified InternalClient...

7.5CVSS6.8AI score0.01548EPSS
Exploits0References5
securityvulns
securityvulns
added 2006/04/11 12:0 a.m.121 views

Microsoft Windows system services privilege escalation

There are several local services SSDP Discovery service, Universal Plug and Play Host service allow any authenticated user to configure service. It makes it possible to specify executable file and elevate privilege to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" HP Printer...

3AI score
Exploits0References4
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.29 views

Microsoft Windows XP Multiple Vulnerabilities (MS01-059, Q315000)

Microsoft Windows XP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2002 Michael Scheidell Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.4AI score0.49483EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.69 views

scan for UPNP hosts

Microsoft Universal Plug n Play is running on this machine. This service is dangerous for many different reasons. SPDX-FileCopyrightText: 2005 by John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS6.5AI score0.49483EPSS
Exploits0References2
exploitpack
exploitpack
added 2003/04/03 12:0 a.m.17 views

NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure

NETGEAR FM114P ProSafe Wireless Router - UPnP Information Disclosure source: https://www.securityfocus.com/bid/7267/info The Netgear FM114P ProSafe Wireless Router is vulnerable to information disclosure. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a UPnP...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/04/03 12:0 a.m.36 views

Netgear FM114P ProSafe Wireless Router - Rule Bypass

source: https://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/04/03 12:0 a.m.34 views

Netgear FM114P ProSafe Wireless Router - UPnP Information Disclosure

source: https://www.securityfocus.com/bid/7267/info The Netgear FM114P ProSafe Wireless Router is vulnerable to information disclosure. If Remote Access and Universal Plug and Play are both enabled on the WAN interface, a UPnP SOAP request can retrieve the username and password for the WAN...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/04/03 12:0 a.m.18 views

NETGEAR FM114P ProSafe Wireless Router - Rule Bypass

NETGEAR FM114P ProSafe Wireless Router - Rule Bypass source: https://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.37 views

CVE-2001-0877

Universal Plug and Play UPnP on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via 1 a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic e.g., chargen, or 2 via a spoofed SSDP...

6.5AI score0.43764EPSS
Exploits0References9
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.35 views

CVE-2001-0876

Buffer overflow in Universal Plug and Play UPnP on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL...

7.7AI score0.49483EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2002/01/25 12:0 a.m.55 views

MS01-059: Unchecked Buffer in Universal Plug and Play can Lead to System Compromise (315000)

Using a specially crafted NOTIFY directive, a remote attacker can cause code to run in the context of the Universal Plug and Play UPnP subsystem or possibly launch a denial of service attack against the affected host. Note that, under Windows XP, the UPnP subsystem operates with SYSTEM privileges...

7.5CVSS5.7AI score0.49483EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/12/21 12:0 a.m.44 views

Microsoft Security Notification Bulletin MS01-059

---------------------------------------------------------------------- Title: Unchecked Buffer in Universal Plug and Play can Lead to System Compromise Date: 20 December 2001 Software: Windows 98, Windows 98SE, Windows ME, Windows XP Impact: Run code of attacker's choice Max Risk: Critical...

1.1AI score
Exploits0
Rows per page
Query Builder