Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

Description: The Asus RT-N66U is a home wireless router. Its web application has a CSRF vulnerability that allows an attacker to execute arbitrary commands on the target device. Exploitable URL: The parameter SystemCmd in the URL below causes the device to execute arbitrary commands. The value...

Monit <= 4.2 - Remote Root Buffer Overflow Exploit

No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA www eos-india net poc 305monit.c Remote Root Exploit for Monit = 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...

ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An...

Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability

No description provided by source. CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be...

Design/Logic Flaw

Unspecified vulnerability in IBM API Management 3.0.0.0, when basic authentication is used for APIs, allows remote attackers to bypass intended restrictions on topology access, and obtain sensitive information, via unknown vectors...

Respondly: No Bruteforce Protection

Hi, Your Basic Authentication at http://o1.m.respond.ly:8080/ has no bruteforce protection using hydra or some other tool it can be bruteforced...

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)

ASUS RT-N56U remote root shell buffer overflow exploit. !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jaco...

ASUS RT-N56U - Remote Buffer Overflow (ROP)

ASUS RT-N56U - Remote Buffer Overflow ROP !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimp...

[Router Password Kracker] Router Password Recovery Software

Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web sites which are protected by HTTP BASIC Authentication. Generally Routers or Modems control their access by using HTTP BASIC authenticati...

[Cansina] Web Content Discovery Application

It takes general available lists of common path and files used by web applications and make URL requests looking back to the server response code. Cansina stores the information in a sqlite database omitting 404 responses. One for every new url think this as a kind of projects feature and the sam...

Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

Exploit for hardware platform in category web applications Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...

MGASA-2013-0262 Updated nagstamon package fixes security vulnerability

A user details information exposure flaw was found in the way Nagstamon performed automated requests to get information about available updates. Remote attackers could use this flaw to obtain user credentials for servers monitored by the desktop status monitor due to their improper base64...

Re: Cisco/Linksys E1200 N300 Reflected XSS

Mitre has assigned the following CVE for this issue: CVE-2013-2679 On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently...

Cisco Linksys E1200 / N300 Cross Site Scripting

Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...

OpenShift Enterprise and Online vulnerable to CSRF attack with REST API

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser...

basic_auth

This plugin bruteforces basic authentication logins. Nine configurable parameters exist: usersFile stopOnFirst passwdFile passEqUser useLeetPasswd useSvnUsers useEmails useProfiling profilingNumber This plugin will take users from the file pointed by "usersFile", mail users found on the site and...

Cisco/Linksys E1200 N300 Reflected XSS

Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...

Cisco Linksys WRT310N 2.0.00 Denial Of Service Vulnerability

Cisco Linksys WRT310N version 2.0.00 suffers from a remote denial of service vulnerability. Summary -------------------- Software : Cisco/Linksys Router OS Hardware : WRT310N v2 others currently untested Version : 2.0.00 others currently untested Website : http://www.linksys.com Issue : Remote...