278 matches found
PT-2017-3172 · NetGear · Netgear Wnr2000V5 Router
Name of the Vulnerable Software and Affected Versions: NETGEAR WNR2000v5 Router affected versions not specified Description: The issue is caused by a buffer overflow in the hidden lang avi parameter when invoking the URL "/apply.cgi?/lang check.html". This can be exploited by an unauthenticated...
D-Link DIR-615 Open Redirection / Cross Site Scripting
Title: D-Link DIR-615 Multiple Vulnerabilities Date: 10-01-2017 Hardware Version: E3 Firmware Version: 5.10 Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original write-up:https://osandamalith.com/2017/01/04/d-link-dir-615-open-redirection-and-xss/ Overview...
D-Link DIR-615 - Multiple Vulnerabilities
Title: D-Link DIR-615 Multiple Vulnerabilities Date: 10-01-2017 Hardware Version: E3 Firmware Version: 5.10 Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original write-up:https://osandamalith.com/2017/01/04/d-link-dir-615-open-redirection-and-xss/ Overview...
D-Link DIR-615 - Multiple Vulnerabilities
D-Link DIR-615 - Multiple Vulnerabilities Title: D-Link DIR-615 Multiple Vulnerabilities Date: 10-01-2017 Hardware Version: E3 Firmware Version: 5.10 Tested on: Windows 8 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original...
D-Link DIR-615 'apply.cgi'绕过安全限制漏洞
No description provided by source. 构造url 访问路由器 http://192.168.0.1/apply.cgi?adminpassword=pwdpwd&adminpassword1=pwdpwd& admPass2=pwdpwd&remoteenable=1&remotehttpmanagementenable=1&remotehttp managementport=8080&remoteinboundfilter=AllowAll&remotehttpmanagement inboundfilter=AllowAll...
Linksys EA2700 apply.cgi 目录穿越
No description provided by source...
CVE-2013-3068
Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in apply.cgi in Belkin N300 F7D7301v1 router allows remote attackers to hijack the authentication of administrators for requests that modify configuration...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports...
CVE-2013-3068
CVE-2013-3068 describes a cross-site request forgery (CSRF) in the Linksys WRT310Nv2 2.0.0.1 firmware, specifically targeting the apply.cgi endpoint. The vulnerability allows an attacker to hijack an administrator’s authenticated session to perform actions such as changing passwords and altering ...
Linksys WRT160N 'apply.cgi' Cross-Site Scripting Vulnerability
No description provided by source...
Linksys E1500/E2500 apply.cgi Remote Command Injection
No description provided by source...
Dell TrueMobile 2300 Remote Credential Reset Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an...
Cross site scripting
Cross-site scripting XSS vulnerability in AdvancedWirelessContent.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the currentpage parameter to apply.cgi...
D-Link DAP-1320 Directory Traversal / Cross Site Scripting Vulnerabilities
D-Link DAP-1320 wireless range extenders suffer from cross site scripting and directory traversal vulnerabilities. D-Link's DAP-1320 Wireless Range Extender suffers from both a directory traversal and a XSS vulnerability on all firmware versions. current v. 1.20B07...
Belkin Linksys WRT54GL apply.cgi Remote Command Execution
A remote command execution vulnerability has been reported in Belkin Linksys WRT54GL...
Cisco Linksys E1200 / N300 Cross Site Scripting
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...
Linksys WRT160nv2 apply.cgi Remote Command Injection
Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload...
Cisco Linksys E1200 / N300 Cross Site Scripting Vulnerability
Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability. Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue :...
Cisco Linksys E1200 / N300 Cross Site Scripting
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...