6 matches found
zahnarztpraxis-noe-eberl.de Cross Site Scripting vulnerability OBB-3406563
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ASUS WRT Session Hijacking Nmap NSE Script
local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local vulns = require "vulns" local nmap = require "nmap" description = ASUSWRT is a wireless router operating system that powers many routers produced by ASUS. Sessio...
ASUSWRT - Multiple Vulnerabilities
ASUSWRT is a wireless router operating system that powers many routers produced by ASUS. Multiple exploitable vulnerabilities could be identified in the current version of ASUSWRT. Published: 08 Mar 2017 Affected routers: - RT-AC53 3.0.0.4.380.6038 ---------- Cross-Site Scripting XSS Component:...
CVE-2017-6549
CVE-2017-6549 is a session hijack vulnerability in the httpd component of ASUSWRT firmware on multiple ASUS routers (e.g., RT-N56U/RT-N66U/RT-AC66U/RT-AC68U family, RT-AC53U, RT-N12, RT-AC5300, RT-N600, and Asuswrt-Merlin variants) with firmware older than the specified versions (pre 3.0.0.4.380....
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
ASUSWRT RT-AC53 3.0.0.4.380.6038 - Session Stealing Session Stealing Component: httpd CVE: CVE-2017-6549 Vulnerability: httpd uses the function searchtokeninlist to validate if a user is logged into the admin interface by checking his asustoken value. There seems to be a branch which could be a...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
Session Stealing Component: httpd CVE: CVE-2017-6549 Vulnerability: httpd uses the function searchtokeninlist to validate if a user is logged into the admin interface by checking his asustoken value. There seems to be a branch which could be a failed attempt to build in a logout functionality...