29 matches found
EUVD-2014-3700
Malware in sbrugna...
EUVD-2014-3699
Malware in sbrugna...
CVE-2014-3760
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3761
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
D-Link DSL-500T / DAP 1150 / DAP-1320 multiple security vulnerabilities
Web administration interface crossite request forgery, authentication bypass, directory traversal...
CVE-2014-3760
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3761
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
Cross site scripting
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3761
Cross-site scripting XSS vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...
CVE-2014-3760
Multiple cross-site request forgery CSRF vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that 1 enable or 2 disable the DMZ in the Firewall/DMZ section via a request to index.cgi or 3 add, 4 modify, or 5...
CVE-2014-3760
CVE-2014-3760 applies to D-Link DAP-1150 firmware 1.2.94, where multiple CSRF flaws allow remote attackers to hijack administrator sessions and perform actions via index.cgi in the Firewall/DMZ and Control/URL-filter sections (e.g., enabling/disabling DMZ or adding/modifying/deleting URL-filter r...
CVE-2014-3761
The CVE-2014-3761 entry describes a Cross-site scripting (XSS) vulnerability in the D-Link DAP-1150, affected firmware 1.2.94. The issue is triggered by a crafted value in the res_buf parameter sent to index.cgi within the Control/URL-filter section, enabling remote attackers to inject arbitrary ...
PT-2014-5486 · D Link · D-Link Dap 1150
Name of the Vulnerable Software and Affected Versions: D-Link DAP 1150 version 1.2.94 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the res buf parameter to "index.cgi" in the Control/URL-filter section. Recommendations: For D-Lin...
PT-2014-5485 · D Link · D-Link Dap 1150
Name of the Vulnerable Software and Affected Versions: D-Link DAP 1150 version 1.2.94 Description: The issue allows remote attackers to hijack the authentication of administrators for various requests, including enabling or disabling the DMZ in the Firewall/DMZ section via a request to "index.cgi...
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wrote about vulnerabilities in admin panel in...
D-Link DAP-1150 index.cgi多个参数存储型跨站脚本漏洞
D-link DAP-1150是一款路由器设备。 D-link DAP-1150不正确处理add函数中'resbuf'参数中的'Name', 'IP Addresses Source', 'Destination', 'Ports Source'和'Destination'字段数据,允许攻击者利用漏洞构建恶意URI,诱使用户解析,可获取敏感信息或劫持用户会话。 0 D-link DAP-1150 目前没有详细解决方案: http://www.dlink.com.au/products/?pid=735...
D-Link DAP 1150 Cross Site Request Forgery / Cross Site Scripting D-Link DAP 1150 Cross Site Reques
Exploit for hardware platform in category web applications In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wro...