782 matches found
Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability(CVE-2016-8720)
Summary An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the...
Moxa AWK-3131A Web Application Nonce Reuse Vulnerability(CVE-2016-8712)
Summary An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...
Moxa AWK-3131A Web Application Ping Command Injection Vulnerability(CVE-2016-8721)
Summary An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device...
Moxa AWK-3131A web_runScript Header Manipulation Denial of Service Vulnerability(CVE-2016-8726)
Summary An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web...
Moxa AWK-3131A Web Application systemlog.log Information Disclosure Vulnerability(CVE-2016-8725)
Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Tested Versions Moxa AWK-3131...
Moxa AWK-3131A Web Application Multiple Reflected Cross-Site Scripting Vulnerabilities(CVE-2016-8719)
Summary An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Tested Versions...
Moxa AWK-3131A serviceAgent Information Disclosure Vulnerability(CVE-2016-8724)
Summary An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Tested Versions Moxa AWK-3131A...
Moxa AWK-3131A Hard-coded Administrator Credentials Vulnerability(CVE-2016-8717)
Summary An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged root account with hard-coded credentials, giving attackers full control of affected devices...
Moxa AWK-3131A Web Application asqc.asp Information Disclosure Vulnerability(CVE-2016-8722)
Summary An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Tested Versio...
MAWK 1.3.3-17 - Local Buffer Overflow
MAWK 1.3.3-17 - Local Buffer Overflow !/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release Description: MAWK AWK Interpreter 1.3.3-17 and prior is prone to a stack-based...
MAWK 1.3.3-17 - Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits !/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release Description: MAWK AWK Interpreter 1.3.3-17 and prior is prone t...
MAWK 1.3.3-17 Buffer Overflow
!/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release Description: MAWK AWK Interpreter 1.3.3-17 and prior is prone to a stack-based buffer overflow vulnerability because...
MAWK 1.3.3-17 - Local Buffer Overflow
!/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release Description: MAWK AWK Interpreter 1.3.3-17 and prior is prone to a stack-based buffer overflow vulnerability because...
IPFire proxy.cgi RCE
IPFire, a free linux based open source firewall distribution, version 'IPFire proxy.cgi RCE', 'Description' = %q IPFire, a free linux based open source firewall distribution, version 'h00die ', module '0x09AL' discovery , 'References' = 'CVE', '2017-9757' , 'EDB', '42149' , 'License' = MSFLICENSE...
Moxa AWK-3131A Wireless Access Point Operating System Command Injection Vulnerability
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa China. An operating system command injection vulnerability exists in the web application 'ping' function in Moxa AWK-3131A Wireless Access Points using firmware version 1.1. A remote attacker could exploit this vulnerability to...
Moxa AWK-3131A Wireless Access Point Information Disclosure Vulnerability (CNVD-2017-07354)
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa, China.Web Application is one of the web application modules. An information disclosure vulnerability exists in the Web Application feature of the Moxa AWK-3131A Wireless Access Point using firmware version 1.1. An attacker can...
Moxa AWK-3131A Wireless Access Point Cross-Site Scripting Vulnerability
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa, China.Web Application is one of the web application modules. A cross-site scripting vulnerability exists in the Web Application feature of the Moxa AWK-3131A Wireless Access Point with firmware version 1.1. A remote attacker can...
Moxa AWK-3131A Wireless Access Point HTTP Denial of Service Vulnerability
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa, China.Web Application is one of the web application modules. An HTTP denial of service vulnerability exists in the Web Application feature of the Moxa AWK-3131A Wireless Access Point with firmware version 1.1. An attacker can...
Moxa AWK-3131A Wireless Access Point Cross-Site Request Forgery Vulnerability
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa China. A cross-site request forgery vulnerability exists in the Moxa AWK-3131A Wireless Access Point using firmware version 1.1. A remote attacker can exploit this vulnerability to perform unauthorized operations...
Moxa AWK-3131A Wireless Access Point Plaintext Transfer Password Vulnerability
Moxa AWK-3131A Wireless Access Point is a wireless switch from Moxa, China.Web Application is one of the web application modules. A security vulnerability exists in the Web Application feature of the Moxa AWK-3131A Wireless Access Point with firmware version 1.1, which is caused by the program...