PT-2016-6143 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure (PCS) versions 7.4 through 7.4r13.3; Pulse Connect Secure (PCS) versions 8.0 through 8.0r8; Pulse Connect Secure (PCS) versions 8.1 through 8.1r1; Pulse Connect Secure (PCS) versions 8.2 through 8.2r0. Description: A cross-site...
PT-2016-6144 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure (PCS) versions 7.4 through 7.4r13.3; Pulse Connect Secure (PCS) versions 8.0 through 8.0r8; Pulse Connect Secure (PCS) versions 8.1 through 8.1r1; Pulse Connect Secure (PCS) versions 8.2 through 8.2r0. Description: A cross-site...
Allegro Software Development RomPager Security Bypass Vulnerability
Allegro Software Development RomPager is an embedded Web server toolkit that allows users to manage and control World Wide Web (WWW) services for network devices such as network printers, switches, and routers using a common Web browser. A security vulnerability in Allegro Software Development...
Gemtek CPE7000 WLTCS-106 - Multiple Vulnerabilities
Gemtek CPE7000 WLTCS-106 - Multiple Vulnerabilities !/usr/bin/python ''' Exploit Title: Gemtek CPE7000 / WLTCS-106 multiple vulnerabilities Date: 04/06/2016 Exploit Author: Federico Ramondino - framondino0x40mentat0x2eis Vendor Homepage: gemtek.com.tw Version: Firmware Version 01.01.02.082 Tested...
Gemtek CPE7000 / WLTCS-106 - Multiple Vulnerabilities
!/usr/bin/python ''' Exploit Title: Gemtek CPE7000 / WLTCS-106 multiple vulnerabilities Date: 04/06/2016 Exploit Author: Federico Ramondino - framondino0x40mentat0x2eis Vendor Homepage: gemtek.com.tw Version: Firmware Version 01.01.02.082 Tested on: Product Name : CPE7000 Model ID : WLTCS-106...
CVE-2016-1268
The CVE refers to Juniper ScreenOS, affected in versions before 6.3.0r21, where the administrative web services interface is vulnerable to a denial-of-service via a crafted SSL/TLS packet. The issue can cause a reboot or loss of administrative access and is exploitable remotely without authentica...
CVE-2016-1326
The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105...
Symantec Encryption Management Server Multiple Security Issues
The management console for Symantec Encryption Management Server (SEMS) is susceptible to potential OS command execution, local access elevation of privilege, a heap-based memory corruption resulting in a service crash and potential information disclosure of management console logon/account...
Multiple Cross-Site Scripting Vulnerabilities in Apache Solr
Apache Solr is an enterprise-ready, Lucene-based search server. Multiple cross-site scripting vulnerabilities exist in the Admin UI of Apache Solr versions prior to 5.1. A remote attacker can inject arbitrary web script or HTML via constructed fields that are incorrectly handled when rendering...
Netgear WNR1000v4 - Authentication Bypass
Exploit for hardware platform in category web applications ''' Exploit Title: NetgearWNR1000v4AuthBypass Google Dork: - Date: 06.10.2015 Exploit Author: Daniel Haake Vendor Homepage: http://www.netgear.com/ Software Link: http://downloadcenter.netgear.com/en/product/WNR1000v4 Version: N300 router...
WordPress Squirrel Theme 1.6.4 Remote File Inclusion
| Title : WP-squirrel 1.6.4 Theme R/L Files Inclusion Download Vulnerability | Author : indoushka | email : [email protected] | Tested on: windows 8.1 Français V.Pro | Download : https://wordpress.org/themes/squirrel/ ======================================= poc : requireonce $functionspath...
Cisco Unity Connection Cross-Site Scripting Vulnerability
Cisco Unity Connection is a voice messaging platform from the US company Cisco. The platform can use voice commands to make calls or listen to messages in a "hands-free" manner. A cross-site scripting vulnerability exists in the administrative interface of Cisco Unity Connection...
Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
The Cisco Web Security Appliance is a network appliance from Cisco. A security vulnerability exists in the admin web interface of Cisco AsyncOS in the Cisco WSA Appliance. A remote attacker can exploit this vulnerability to gain root privileges via a specially crafted certificate-generation...
Huawei HG630a / HG630a-50 - Default SSH Admin Password on ADSL Modems
Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems Date: 10.11.2015 Exploit Author: Murat Sahin @murtshn Vendor Homepage: Huawei Version: HG630a and HG630a-50 Tested on: linux,windows Adsl modems force you to change admin web interface password. Even though you c...
Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
A vulnerability in the certificate generation process in the admin web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system with root-level privileges. The vulnerability is due to the improper...
Netgear routers multiple security vulnerabilities
Administration interface is accessible without password validation, CSRF...
Wordpress EZ Portfolio 1.0.1 plugin - Multiple Persistant XSS Vulnerability
Exploit for php platform in category web applications Title : Wordpress EZ Portfolio 1.0.1 plugin - Multiple Persistant XSS vulnerability Author : ZwX Date : 22/02/2015 Downoload : https://downloads.wordpress.org/plugin/ez-portfolio.1.0.1.zip Vendor : http://webbisivut.org/ Level Security : Low...
Netgear N300 Authentication Bypass Vulnerability
Netgear N300 routers suffer from an authentication bypass vulnerability that allows for complete compromise. COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Netgear Router Firmware N3001.1.0.311.0.1.img and N300-1.1.0.281.0.1.img Vendor: NETGEAR CVE ID: requeste...
WordPress Contact Form Generator plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. Contact Form Generator is a contact form generator plugin for it. A cross-site request forgery vulnerability...
Octogate UTM 3.0.12 - Admin Interface Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Octogate UTM Admin Interface Directory Traversal Date: 26.08.2015 Software Link: http://www.octogate.com Exploit Author: Oliver Karow Contact: email protected Website: http://www.oliverkarow.de Category: Remote Exploit Affected...