2903 matches found
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4
SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...
Cisco TelePresence Conductor WebUI Detection
Binary data ciscotelepresenceconductorwebuidetect.nbin...
CVE-2014-5395
CVE-2014-5395 describes CSRF vulnerabilities in Huawei HiLink devices: HiLink E3276 and E3236 TCPU (before V200R002B470D13SP00C00) and WebUI (before V100R007B100D03SP01C03), E5180s-22 (before 21.270.21.00.00), and E586Bs-2 (before 21.322.10.00.889). The underlying issue is cross-site request forg...
CVE-2014-6616 Softing FG-100 Webui XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6616 Subject: XSS Risk: High Effect: Remotely exploitable Author: Johannes Klick Daniel Marzin Ingmar Rosenhagen Date: 05.11.2014 Introduction:...
Centreon SQL Injection / Command Injection Vulnerability
Centreon SQL Injection / Command Injection. Centreon versions 2.5.2 and below and Centreon Enterprise Server versions 2.2 and below and 3.0 and below suffer from remote SQL injection and remote command injection vulnerabilities. Multiple unauthenticated SQL injections and unauthenticated remote...
Centreon SQL Injection / Command Injection
Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon SQL injections: ------------------ POST http://server/centreon/include/configuration/configObject/traps/GetXMLTrapsForVendor.php POST DATA mnftrid=1 or 1=1 union all select version,2 -- / POST...
ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass
The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not...
Cisco Integrated Management Controller WebUI Detection
Binary data ciscoimcwebuidetect.nbin...
ScreenOS 1.73/2.x Firewall Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2176/info NetScreen Firewall is a network appliance used to secure against intruders and various types of attacks to a network. NetScreen has a Web administrative Interface (WebUI) used to configure and set the firewall...
uTorrent WebUI 0.310 beta 2 - Cross-Site Request Forgery Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28847/info uTorrent WebUI is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to execute arbitrary actions in the context of the affected application. uTorrent WebUI...
Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28848/info Azureus HTML WebUI is prone to a cross-site request-forgery vulnerability. Successful exploits aid in transferring malicious content to unsuspecting users' computers, aiding in further attacks. Other actions ma...
uTorrent WebUI <= 0.370 - Authorization header DoS Exploit
No description provided by source. !/usr/bin/perl Exploit Title: uTorrent WebUI Version: µTorrent 2.0 build 18488 / WebUI EAX 00000000 ECX 00000000 EDX 00000001 EBX 003D8360 ASCII "admin" ESP 0141FE94 EBP 0141FF08 ESI 00000000 EDI 01511958 EIP 0041BC62 uTorrent.0041BC62 Good luck! corelanc0d3r us...
RapidWareX 2.0.1 - (WebUI) CSRF Exploit
No description provided by source. RapidWareX v2.0.1 WebUI CSRF Exploit Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: [email protected] RapidWareX v2.0.1 WebUI is prone to a post-authentication CSRF vulnerability, which allows the...
Local File inclusion
A local file inclusion is possible by specifying the full path to any desired file in the Kickstart value in Cobbler's WebUI...
Skybox Security 6.3.x 6.4.x - Multiple Information Disclosures
Skybox Security 6.3.x 6.4.x - Multiple Information Disclosures Exploit Title: SKYBOX Security – Multiple Information Disclosure Date: 22-Jan-2014 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.skyboxsecurity.com Version: Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.1...
McAfee Cloud Single Sign On WebUI Default Credentials
The McAfee Cloud Single Sign On WebUI interface on the remote host has the 'admin' user account secured with the default password. A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc...
OpenMediaVault Web Detection
Binary data openmediavaultwebuidetect.nbin...
Palo Alto Networks PAN-OS Firewall/Panorama WebUI Default Credentials
The Palo Alto Networks PAN-OS Firewall / Panorama WebUI interface on the remote host has the 'admin' user account secured with the default password. An unauthenticated, remote attacker can exploit this to gain administrative access to the web interface. (C) Tenable Network Security, Inc...
Code injection
The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019...
Cisco VC220 Network Dome Camera and Cisco VC240 Network Bullet Camera Denial of Service Vulnerabilities
The Cisco Video Surveillance VC220 Network Dome Camera and the Cisco VC240 Network Bullet Camera contain vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected devices, preventing web user interface (WebUI) access to the...