Gemtek CPE7000 WLTCS-106 - Multiple Vulnerabilities
#!/usr/bin/python ''' Exploit Title: Gemtek CPE7000 / WLTCS-106 multiple vulnerabilities Date: 04/06/2016 Exploit Author: Federico Ramondino - framondino0x40mentat0x2eis Vendor Homepage: gemtek.com.tw Version: Firmware Version 01.01.02.082 Tested...
CVE-2016-1268
The CVE refers to Juniper ScreenOS, affected in versions before 6.3.0r21, where the administrative web services interface is vulnerable to a denial-of-service via a crafted SSL/TLS packet. The issue can cause a reboot or loss of administrative access and is exploitable remotely without authentica...
CVE-2016-1326
The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105...
Symantec Encryption Management Server Multiple Security Issues
The management console for Symantec Encryption Management Server (SEMS) is susceptible to potential OS command execution, local access elevation of privilege, a heap-based memory corruption resulting in a service crash and potential information disclosure of management console logon/account...
Multiple Cross-Site Scripting Vulnerabilities in Apache Solr
Apache Solr is an enterprise-ready, Lucene-based search server. Multiple cross-site scripting vulnerabilities exist in the Admin UI of Apache Solr versions prior to 5.1. A remote attacker can inject arbitrary web script or HTML via constructed fields that are incorrectly handled when rendering...
Netgear WNR1000v4 - Authentication Bypass
Exploit for hardware platform in category web applications ''' Exploit Title: NetgearWNR1000v4AuthBypass Google Dork: - Date: 06.10.2015 Exploit Author: Daniel Haake Vendor Homepage: http://www.netgear.com/ Software Link: http://downloadcenter.netgear.com/en/product/WNR1000v4 Version: N300 router...
WordPress Squirrel Theme 1.6.4 Remote File Inclusion
| Title : WP-squirrel 1.6.4 Theme R/L Files Inclusion Download Vulnerability | Author : indoushka | email : [email protected] | Tested on: windows 8.1 Français V.Pro | Download : https://wordpress.org/themes/squirrel/ ======================================= poc : requireonce $functionspath...
Cisco Unity Connection Cross-Site Scripting Vulnerability
Cisco Unity Connection is a voice messaging platform from Cisco (United States). The platform can use voice commands to make calls or listen to messages in a "hands-free" manner. A cross-site scripting vulnerability exists in the administrative interface of Cisco Unity Connection...
Huawei HG630a / HG630a-50 - Default SSH Admin Password on ADSL Modems
Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems Date: 10.11.2015 Exploit Author: Murat Sahin @murtshn Vendor Homepage: Huawei Version: HG630a and HG630a-50 Tested on: linux,windows Adsl modems force you to change admin web interface password. Even though you c...
Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
The Cisco Web Security Appliance is a network appliance from Cisco. A security vulnerability exists in the admin web interface of Cisco AsyncOS in the Cisco WSA Appliance. A remote attacker can exploit this vulnerability to gain root privileges via a specially crafted certificate-generation...
Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
A vulnerability in the certificate generation process in the admin web interface of the Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to execute arbitrary commands on an affected system with root-level privileges. The vulnerability is due to the improper...
Netgear routers multiple security vulnerabilities
Administration interface is accessible without password validation, CSRF...
Wordpress EZ Portfolio 1.0.1 plugin - Multiple Persistant XSS Vulnerability
Exploit for php platform in category web applications Title : Wordpress EZ Portfolio 1.0.1 plugin - Multiple Persistant XSS vulnerability Author : ZwX Date : 22/02/2015 Download : https://downloads.wordpress.org/plugin/ez-portfolio.1.0.1.zip Vendor : http://webbisivut.org/ Level Security : Low...
Netgear N300 Authentication Bypass Vulnerability
Netgear N300 routers suffer from an authentication bypass vulnerability that allows for complete compromise. COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Netgear Router Firmware N3001.1.0.311.0.1.img and N300-1.1.0.281.0.1.img Vendor: NETGEAR CVE ID: requeste...
WordPress Contact Form Generator plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports setting up a personal blog site on servers with PHP and MySQL. Contact Form Generator is a contact form generator plugin. A cross-site request forgery vulnerability...
Octogate UTM 3.0.12 - Admin Interface Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Octogate UTM Admin Interface Directory Traversal Date: 26.08.2015 Software Link: http://www.octogate.com Exploit Author: Oliver Karow Contact: email protected Website: http://www.oliverkarow.de Category: Remote Exploit Affected...
Wing FTP 4.4.6 Cross Site Request Forgery
Exploit Title: Wing FTP Server Cross-site Request Forgery vulnerabilities Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Cross-site Request Forgery CWE-352 CVE...
WordPress plugin WP Photo Album stored cross-site scripting vulnerabilities
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WP Photo Album. Due to the lack of user-supplied filters for scripts passed to the...
Oracle Commerce Platform: a vulnerability exists in the Commerce Platform component
Oracle Commerce Platform is a set of e-business solutions from Oracle (United States). A security vulnerability exists in the Dynamo Application Framework - HTML Admin User Interface subcomponent of the Oracle Commerce Platform component of Oracle Commerce Platform. A remote...
FreePBX suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-02675)
FreePBX is an open source, web-based PBX solution. FreePBX has multiple cross-site scripting vulnerabilities. Due to multiple HTTP POST parameters passed to the "/admin/config.php" script when "type" is set to "setup", "display" to "digiumaddons", "page" to "add-license-form", and "addon" to "ffa...