14 matches found
D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link info.cgi POST Request Buffer Overflow', 'Description' = %q This module exploits an anonymous remote code execution vulnerabili...
D-Link DIR-605L Captcha Handling Buffer Overflow
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ManualRanking Because only has been tested on a QEMU emulated environme...
WRT120N 1.0.0.7 - Stack Overflow
No description provided by source. !/usr/bin/env python WRT120N v1.0.0.7 stack overflow, ROP to 4-byte overwrite which clears the admin password. Craig Heffner http://www.devttys0.com 2014-02-14 import sys import urllib2 try: target = sys.argv1 except IndexError: print Usage: %s target ip %...
WRT120N 1.0.0.7 - Remote Stack Overflow
!/usr/bin/env python WRT120N v1.0.0.7 stack overflow, ROP to 4-byte overwrite which clears the admin password. Craig Heffner http://www.devttys0.com 2014-02-14 import sys import urllib2 try: target = sys.argv1 except IndexError: print "Usage: %s " % sys.argv0 sys.exit1 url = target +...
D-Link Patches Backdoor Vulnerabilities in Routers
D-Link has patched a backdoor present in a number of its routers that was publicized almost two months ago and could allow an attacker to remotely access the administrative panel on the hardware, run code and make any number of changes. The Thanksgiving patch parade addressed the issue in a numbe...
D-Link DIR-605L - Captcha Handling Buffer Overflow (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 /Boa/ include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'D-Link DIR-605L Captcha Handling...
Unfixed XSS vulnerability at www.macupdate.com
Security researcher Craig Heffner, has submitted on 09/06/2007 a cross-site-scripting XSS vulnerability affecting www.macupdate.com, which at the time of submission ranked 11658 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/06/2007. It is...
NetProxy 4.03 - Web Filter Evasion / Bypass Logging
!/usr/bin/perl Application: NetProxy 4.03 http://www.grok.co.uk/netproxy/index.html Description: NetProxy includes a powerful web cache to boost performance and reduce online costs. There is also an application-level firewall to protect your network from unwanted access, full access logging to...
16 HTTP Upload Tool (download.php) Information Disclosure Vulnerability
No description provided by source. Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the...
DoSePa 1.0.4 - textview.php Information Disclosure
DoSePa 1.0.4 - textview.php Information Disclosure Target: DoSePa 1.0.4 textview.php http://sourceforge.net/project/showfiles.php?groupid=91686 Vulnerability: Information disclosure. Description: The textview.php page in DoSePa does not properly sanitize the $GET'file' value; this allows an...
DoSePa 1.0.4 - 'textview.php' Information Disclosure
Target: DoSePa 1.0.4 textview.php http://sourceforge.net/project/showfiles.php?groupid=91686 Vulnerability: Information disclosure. Description: The textview.php page in DoSePa does not properly sanitize the $GET'file' value; this allows an attacker to view any file to which the server has read...
HTTP Upload Tool - download.php Information Disclosure
HTTP Upload Tool - download.php Information Disclosure Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sani...
HTTP Upload Tool - 'download.php' Information Disclosure
Target: HTTP Upload Tool For PHP 1.0 http://uploadtool.sourceforge.net/ Vulnerability: Information disclosure Description: The download.php file in Upload Tool for PHP neither verifies that a requestor has authenticated, nor performs any sanity checking on the file being requested. This allows an...
BrewBlogger 1.3.1 - 'printLog.php' SQL Injection
!/usr/bin/perl Target: BewBlogger 1.3.1 http://brewblogger.zkdigital.com Vulnerability: SQL Injection Description: BrewBlogger does not properly sanitize the 'id=' parameter passed to printLog.php. Since each user entry contains an auto-incrementing ID number, it is possible to enumerate all user...