Check_MK < 1.2.8p25, 1.4.x < 1.4.0p9 XSS Vulnerability

CheckMK is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; i...

CVE-2017-11507

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

CVE-2017-11507

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

Cross site scripting

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

D-Link DIR-605L Model B Denial of Service Vulnerability

D-Link DIR-605L Model B is a wireless router product from AUO D-Link. A denial of service vulnerability exists in versions prior to D-Link DIR-605L Model B FW2.11betaB06hbrf. An attacker could exploit this vulnerability by sending an HTTP request with a password field with a long string in the HT...

Cross site request forgery (csrf)

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

CVE-2017-16953

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

CVE-2017-16953

The CVE-2017-16953 issue affects ZTE ZXDSL 831CII devices, where connoppp.cgi does not require HTTP Basic Authentication. This allows an unauthenticated remote attacker to modify the PPPoE configuration (or set up malicious configurations) via a GET request. Public references corroborate an acces...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

PT-2017-14693 · D Link · D-Link Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L Model B versions prior to FW2.11betaB06 hbrf Description: An issue was discovered related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have...

ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================...

ZTE ZXDSL 831CII - Improper Access Restrictions

Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================= The Router usually servers html files &...

CVE-2017-16934

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

Design/Logic Flaw

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

CVE-2017-16934

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

CVE-2017-16934

CVE-2017-16934 affects the web server in DBL DBLTek devices. An attacker can obtain the admin password via a frame.html?content=/dev/mtdblock/5 request and use it for HTTP Basic Auth to reach change_password.csp, where the passwd parameter supports a

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...