Addonics NAS Adapter (bts.cgi) Remote DoS Exploit (post-auth)

Remote: Yes Local: No Credit: Mike Cyr, aka h00die Vulnerable: NASU2FW41 Loader 1.17 Not Vulnerable: Discussion: Addonics NAS Adapter Post-Auth DoS Addonics NAS Adapter is prone to several post authentication buffer overflows. Each of these buffer overflows will crash the entire TCP/IP stack and...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that...

CVE-2008-6605

Cross-site request forgery CSRF vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that...

Addonics NAS Adapter Post-Auth DoS

Remote: Yes Local: No Credit: Michael Cyr Vulnerable: R3282-1.33c LOADER32 1.15, NASU2FW41 Loader 1.17 Not Vulnerable: Discussion: Addonics NAS Adapter Post-Auth DoS Addonics NAS Adapter is prone to several post authentication buffer overflows. Each of these buffer overflows will crash the entire...

Directory traversal

Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color...

CVE-2008-5685

Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller SC, the system console, and possibly the host OS, and cause a denial of service shutdown or reboot, via spoofed IP packets...

CVE-2008-5685

Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller SC, the system console, and possibly the host OS, and cause a denial of service shutdown or reboot, via spoofed IP packets...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to 1 change a configuration or 2 delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown;...

netgear-dos.txt

Not sure how to rate this, but at the same time, i really don't give a shit. one of those days... You can crash the admin interface by sending a malformed URL to the web interface of this wireless router. No recovery, a reboot fixes the issue. Wouldn't even really call it a "malformed URL" either...

Marvell Driver Malformed Association Request Vulnerability

Title: ------ Marvell Driver Malformed Association Request Vulnerability Summary: -------- The wireless drivers in some Wi-Fi access points such as the MARVELL-based Linksys WAP4400N do not correctly parse some malformed 802.11 frames. Assigned CVE: ------------- CVE-2008-4441 Details: -------- T...

Code injection

Unspecified vulnerability in the Sun Netra T5220 Server with firmware 7.1.3 allows local users to cause a denial of service panic via unknown vectors...

CVE-2008-1938

Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks...

CVE-2008-1528

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for 1 RemMagSNMP.html, which...

Default credentials

ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, have 1 "user" as their default password for the "user" account and 2 "1234" as their default password for the "admin" account, which makes it easier for remote attackers to obtain access...

CVE-2008-1527

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack...

CVE-2008-1524

The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40AGD.2 through 3.40AHQ.3, has "public" as its default community for both 1 read and 2 write operations, which allows remote attackers to perform administrative actions via SNMP, as demonstrated by readin...

CVE-2008-1526

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords...

CVE-2008-1527

CVE-2008-1527 affects ZyXEL Prestige routers P-660, P-661, and P-662 with firmware versions 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3). The issue arises from HTTP authentication using a hash in the hiddenPassword field, enabling remote attackers to gain access via a replay attack. Reported imp...

CVE-2008-1528

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40AGD.2 through 3.40AHQ.3, allow remote authenticated users to obtain authentication data by making direct HTTP requests and then reading the HTML source, as demonstrated by a request for 1 RemMagSNMP.html, which...

CVE-2008-1527

ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40PE9 and 3.40AGD.2 through 3.40AHQ.3, support authentication over HTTP via a hash string in the hiddenPassword field, which allows remote attackers to obtain access via a replay attack...