6213 matches found
CVE-2008-1528
Affected: ZyXEL Prestige routers P-660, P-661, P-662 with firmware 3.40(AGD.2)–3.40(AHQ.3). Issue: remote authenticated users can read HTML sources via direct HTTP requests to disclose credentials, e.g., RemMagSNMP.html reveals SNMP communities and WLAN.html reveals WEP keys. Root cause: inadequa...
CVE-2008-1525
The default SNMP configuration on ZyXEL Prestige routers, including P-660 and P-661 models with firmware 3.40(AGD.2) through 3.40(AHQ.3), has a Trusted Host value of 0.0.0.0, which allows remote attackers to send SNMP requests from any source IP address...
CVE-2008-1431
RaidSonic NAS-4220-B with 2.6.0-n2007-10-11 firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key...
Default credentials
The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware has "admin" as its default password for the "admin" account, which makes it easier for remote attackers to obtain access...
CVE-2007-6707
CVE-2007-6707 describes multiple XSS vulnerabilities in the Cisco Linksys WAG54GS Wireless-G ADSL Gateway (firmware 1.01.03 and earlier) via the device’s web interface, enabling remote script injection through unspecified vectors. The connected records confirm affected product and firmware family...
CVE-2008-1247
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri...
F5 BIG-IP 9.4.3 - 'SearchString' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27272/info F5 BIG-IP is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Level-One WBR-3460A Grants Root Access
Advisory: Level-One WBR-3460A Grants Root Access. Risk: High. Vendor Status: Vendor has not released an updated version. Release Date: 08/01/2008. Last Modified: 01/01/2008. Author: Anastasios Monachos (anastasiosmatgmaildotcom). I. Affected Products: Level-One WBR-3460A latest firmwa...
Linksys WRT54 GL - Session riding (CSRF)
Team Intell Security Advisory TISA2008-01. Linksys WRT54 GL - Session riding (CSRF)...
CVE-2007-5036
CVE-2007-5036 affects AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4. Multiple buffer overflows in the HTTPS service allow remote authenticated users to cause a denial of service (HTTPS service outage) via crafted query strings to adLog.cgi, post.cgi, or ad.cgi (related to the "files...
CVE-2007-4498
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a...
[Full-disclosure] Zyxel Zywall 2 multiple vulnerabilities
Louhi Networks Oy Security Advisory. Advisory: Zyxel Zywall 2 Multiple vulnerabilities. Release Date: 2007-08-10. Last Modified: 2007-08-10. Authors: Henri Lindberg, Associate of (ISC)². Application: ZyNOS Firmware Version:...
Code injection
Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors...
CVE-2007-3786
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a...
Information disclosure
The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. NOTE: some of these details are obtained from third party...
Design/Logic Flaw
SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613...
IP3 NetAccess < 4.1.9.6 Remote Arbitrary File Disclosure Vulnerability
Exploit for hardware platform in category remote exploits. IP3 NetAccess 4.1.9.6 Remote Arbitrary File Disclosure Vulnerability. I - TITLE: Security advisory:...
IP3 NetAccess 4.1.9.6 - Arbitrary File Disclosure
IP3 NetAccess 4.1.9.6 - Arbitrary File Disclosure. I - TITLE: Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise. II - SUMMARY: Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise. Author:...
IP3 NetAccess < 4.1.9.6 - Arbitrary File Disclosure
I - TITLE: Security advisory: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise. II - SUMMARY: Description: Arbitrary file disclosure vulnerability in IP3 NetAccess leads to full system compromise. Author: Sebastian Wolfgarten (sebastian at wolfgarten dot com). Dat...