Lucene search

16 matches found

Cvelist
added 2025/10/28 2:36 p.m. | 6 views

CVE-2025-34306 IPFire < v2.29 Stored XSS via Default IP Search Value

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...

5.1 CVSS | 0.00024 EPSS
Exploits 0 | References 3
OSV
added 2021/11/22 5:15 p.m. | 2 views

CVE-2021-23718

The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private...

7.5 CVSS | 7.1 AI score
Exploits 0 | References 3
Snyk
added 2021/09/13 10:54 a.m. | 2 views

Server-side Request Forgery (SSRF)

Overview: ssrf-agent is a package to prevent SSRF in https request. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. PoC by Sayooj B Kumar // run a service on your localhost con...

7.5 CVSS | 6.8 AI score | 0.00354 EPSS
Exploits 1 | References 2
CNVD
added 2017/11/22 12:0 a.m. | 1 views

Cisco ASA Next-Generation Firewall Services Security Bypass Vulnerability

Cisco ASA Next-Generation Firewall Services is a set of next-generation firewall products from the US company Cisco, running in its next-generation modular security services suite. A security bypass vulnerability exists in the Create Default IP Blocking process in Cisco ASA Next-Generation...

5.3 CVSS | 6.6 AI score | 0.00227 EPSS
Exploits 0 | References 1
Packet Storm
added 2016/02/13 12:0 a.m. | 72 views

Arris DG1670A Cable Modem Remote Command Execution

KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution Title: Arris DG1670A Cable Modem Remote Command Execution Advisory ID: KL-001-2016-001 Publication Date: 2016.02.12 Publication URL:...

0.2 AI score
Exploits 0
KoreLogic Security
added 2016/02/12 12:0 a.m. | 1011 views

Arris DG1670A Cable Modem Remote Command Execution

Vulnerability Details Affected Vendor: Arris Affected Product: Cable Modem Affected Version: DG1670A, TG1670 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path; CWE-77: Improper Neutralization of Special Elements used in a Command; CWE-522: Insufficiently...

7.7 AI score
Exploits 0 | Affected Software 1
ThreatPost
added 2015/05/05 2:34 p.m. | 24 views

Vulnerability-Riddled Drug Pumps Open to Takeover

One medical device company’s line of drug pumps is so fraught with vulnerabilities that the researcher that discovered the flaws claims the pump is the least secure IP-enabled device he’s ever come across. Certain versions of Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple...

10 CVSS | 0.3 AI score | 0.17736 EPSS
Exploits 0 | References 6
seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Sitecom WLM-2501 CSRF Vulnerabilities

No description provided by source. Exploit Title : Sitecom WLM-2501 Change Wireless Passphrase Date : 13-03-2012 Author : Ivano Binetti http://www.ivanobinetti.com...

7.1 AI score
Exploits 0
Exploit DB
added 2013/10/10 12:0 a.m. | 30 views

ONO Hitron CDE-30364 Router - Denial of Service

#!/usr/bin/python Description: Hitron Technologies CDE-30364 is a famous ONO Router. The Hitron Technologies CDE-30364...

7.4 AI score
Exploits 0
exploitpack
added 2012/03/23 12:0 a.m. | 15 views

Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities

Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title : Sitecom WLM-2501 new Multiple CSRF Vulnerabilities Date : 22-03-2012 Author :...

0.5 AI score
Exploits 0
Exploit DB
added 2012/03/14 12:0 a.m. | 36 views

Sitecom WLM-2501 - Cross-Site Request Forgery

Exploit Title : Sitecom WLM-2501 Change Wireless Passphrase Date : 13-03-2012 Author : Ivano Binetti http://www.ivanobinetti.com Vendor site :...

7.4 AI score
Exploits 0
exploitpack
added 2012/02/21 12:0 a.m. | 14 views

Cisco Linksys WAG54GS - Cross-Site Request Forgery (Change Admin Password)

Cisco Linksys WAG54GS - Cross-Site Request Forgery Change Admin Password Exploit Title : Cisco Linksys WAG54GS ADSL Router change admin password Date : 20-02-2012...

1 AI score
Exploits 0
seebug.org
added 2009/02/21 12:0 a.m. | 22 views

Linux/sparc - connect back - 216 bytes

No description provided by source. / linux sparc connect back shellcode, because someone had to evade those firewalls. sigh / / OS : Linux Architecture : Sparc Type : Connect Back Length : 216 Bytes Listen-Port : 2313/TCP Default IP : 192.168.100.1 see how you'll change it at the end. null bytes...

7.1 AI score
Exploits 0
securityvulns
added 2008/11/04 12:0 a.m. | 115 views

A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability

Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg...

0.3 AI score
Exploits 0
seebug.org
added 2008/11/01 12:0 a.m. | 26 views

A-Link WL54AP3 and WL54AP2 CSRF+XSS Vulnerability

No description provided by source. Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg [email protected]...

7.1 AI score
Exploits 0
seebug.org
added 2004/09/26 12:0 a.m. | 10 views

linux/SPARC connect back 216 bytes

No description provided by source. / linux sparc connect back shellcode, because someone had to evade those firewalls. sigh / / OS : Linux Architecture : Sparc Type : Connect Back Length : 216 Bytes Listen-Port : 2313/TCP Default IP : 192.168.100.1 see how you'll change it at the end. null bytes...

7.1 AI score
Exploits 0