80 matches found
CVE-2014-10019
Multiple cross-site request forgery CSRF vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that 1 change the SSID or 2 change the password via a crafted request...
CVE-2014-10018
CVE-2014-10018 is an XSS vulnerability in the Teracom T2-B-Gawv1.4U10Y-BI modem, specifically in webconfig/wlan/country.html/country, where the essid parameter can be manipulated to inject arbitrary web script or HTML. The connected records confirm only the generic description and lack explicit t...
Alt-N MDaemon 2.8.5 0 WebConfig Overflow DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/820/info The Mdaemon mail server for Windows includes a small web server for web-based remote administration. This webserver is vulnerable due to an unchecked buffer that handles incoming GET requests. An abnormally large...
Teracom Modem T2-B-Gawv1.4U10Y-BI - Stored XSS Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Teracom Modem Stored XSS Vulnerability Date: 19-01-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI Tested on: Windows 7 Code : GET...
CVE-2012-4848
Multiple cross-site scripting XSS vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the 1 First Name or 2 Last Name field...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the 1 First Name or 2 Last Name field...
CVE-2012-5323
Affected : Xavi X7968 router (webconfig/admin_passwd/passwd.html/admin_passwd). Vulnerability : Cross-site request forgery (CSRF) that allows remote attackers to hijack/alter administrator passwords by submitting requests containing sysUserName, sysPassword, and sysCfmPwd parameters. Root cause :...
Xavi 7968 ADSL Router - '/webconfig/wan/confirm.html/confirm?pvcName' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52098/info Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities. The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially...
thecus-rfi.txt
Thecus N5200Pro NAS Server Control Panel Remote File İnclude Author : CrackersChild Mail : [email protected] Bug in : usrgetform.html Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz? İnfo : http://www.thecus.com/productsover.php?cid=11&pid=8 Greetz: Str0ke...
Thecus N5200Pro NAS Server Control Panel - Remote File Inclusion
Thecus N5200Pro NAS Server Control Panel Remote File Ä°nclude Author : CrackersChild Mail : [email protected] Bug in : usrgetform.html Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz? Ä°nfo : http://www.thecus.com/productsover.php?cid=11&pid=8 Greetz: Str0ke milw0rm.com 2008-02-18...
CVE-2001-0583
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device such as GET /aux to 1 the Worldclient service at port 3000, or 2 the Webconfig service at port 3001...
CVE-2001-0583
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device such as GET /aux to 1 the Worldclient service at port 3000, or 2 the Webconfig service at port 3001...
DoS через DOS-устройства в MDaemon
Запрос типа http://www.foo.org:3000/aux приводит к зависанию служб Worldclient Webconfig...
CVE-2001-0064
MDaemon IMAP Server DoS (CVE-2001-0064): The vulnerability affects MDaemon Webconfig/IMAP in versions up to 3.5.0 and earlier, where a remote attacker can crash the service by sending a long URL/argument terminated by a CRLF (LOGIN) string. OpenVAS/Nessus entries confirm remote DoS via long input...
CVE-2000-1021
CVE-2000-1021 describes a heap overflow in the WebConfig component of Mdaemon ≤ 3.1.1. The vulnerability allows remote attackers to cause a denial of service and potentially execute arbitrary commands by supplying a long URL. Exploitation details are not provided in the available documents. No re...
CVE-1999-0844
CVE-1999-0844 maps to a DoS in MDaemon WorldClient and WebConfig services caused by an overflow when handling excessively long URLs. Nessus entries MDAEMON_WEBCONFIG.NASL and MDAEMON_WORLDCLIENT.NASL describe remote attackers sending abnormally long GET requests (e.g., GET /aaaaa[... ]aaa HTTP/1....
CVE-1999-0844
Denial of service in MDaemon WorldClient and WebConfig services via a long URL...
CVE-1999-0844
Denial of service in MDaemon WorldClient and WebConfig services via a long URL...
mdaemon.2.8.5.0.txt
Multiples Remotes DoS Attacks in MDaemon Server v2.8.5.0 Vulnerability PROBLEM: UssrLabs found multiple places in MDaemon v2.8.5.0 where they do not use proper bounds checking. The following all result in a Denial of Service against the service in question. affected services: WorldClient: Port 20...
MDaemon WebConfig HTTP Server URL Overflow DoS
It was possible to crash Webconfig which is used to configure MDaemon by sending the request : GET /aaaaa...aaa HTTP/1.0 This could allow a remote attacker to crash the web server, preventing the MDaemon server from being configured remotely. C Tenable Network Security, Inc. include"compat.inc";...