CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

PT-2017-14693 · D Link · D-Link Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L Model B versions prior to FW2.11betaB06 hbrf Description: An issue was discovered related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have...

ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================...

ZTE ZXDSL 831CII - Improper Access Restrictions

Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================= The Router usually servers html files &...

CVE-2017-16934

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

Design/Logic Flaw

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

CVE-2017-16934

CVE-2017-16934 affects the web server in DBL DBLTek devices. An attacker can obtain the admin password via a frame.html?content=/dev/mtdblock/5 request and use it for HTTP Basic Auth to reach change_password.csp, where the passwd parameter supports a

CVE-2017-16934

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's apgetbasicauthpw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

Debian DSA-4031-1 : ruby2.3 - security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-0898 aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in...

AlienVault : Puplic .htaccess/.htpasswd/.canvas files leads to password disclosure.

iam a big fan of fuzzing/bruteforcing after my last submission 288533 on http://data.alienvault.com, i decided to go further, after some bruteforcing i came across this directory which looked kinda interesting for me http://data.alienvault.com/snort/ when u try to access the directory you will ge...

GHSA-P692-7MM3-3FXG actionpack is vulnerable to remote bypass authentication

The httpbasicauthenticatewith method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

DBL DBLTek Device Web Server Command Execution Vulnerability

DBL DBLTek devices is a gateway product from DBL China. web server is one of the web servers. A security vulnerability exists in the web server on DBL DBLTek devices. The vulnerability can be exploited by a remote attacker to execute arbitrary operating system commands by obtaining the...

The vulnerability of the ap_get_basic_auth_pw() function in the Apache HTTP Server allows attackers to circumvent authentication requirements.

The vulnerability of the apgetbasicauthpw function in the Apache HTTP Server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass authentication requirements by using external modules...

ALPINE-CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...

CVE-2017-10784

Removed by vendor...

UBUNTU-CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...