6653 matches found
D-Link DIR-815 Buffer Overflow / Command Injection Vulnerabilities
D-Link DIR-815 suffers from buffer overflow and command injection vulnerabilities. Title: DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown , Patrick Cline email protected CVE: None Note: All these security issues have been...
D-Link DIR-615 Buffer Overflow Vulnerability
D-Link DIR-615 suffers from multiple buffer overflow vulnerabilities. Title: Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality Vendors contacted: William Brown , Patrick Cline email protected CVE: None Note: All these security issues have been discussed with the...
D-Link DGL5500 - HNAP Buffer Overflow
Advisory Information Title: DGL5500 Un-Authenticated Buffer overflow in HNAP functionality Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues a...
D-Link DIR-818W - Multiple Vulnerabilities
Advisory Information Title: DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated...
D-Link DIR-825 (vC) - Multiple Vulnerabilities
Advisory Information Title: DIR-825 vC Buffer overflows in authentication,HNAP and ping functionalities. Also a directory traversal issue exists which can be exploited Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been...
D-Link DIR-601 - Command Injection
D-Link DIR-601 - Command Injection Advisory Information Title: DIR-601 Command injection in ping functionality Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they...
D-Link DIR-601 Command Injection
Advisory Information Title: DIR-601 Command injection in ping functionality Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor indicated that they have fixed issues as per the email...
D-Link DGL5500 - HNAP Buffer Overflow
D-Link DGL5500 - HNAP Buffer Overflow Advisory Information Title: DGL5500 Un-Authenticated Buffer overflow in HNAP functionality Vendors contacted: William Brown , Patrick Cline [email protected] CVE: None Note: All these security issues have been discussed with the vendor and vendor...
WordPress i1.wp.com Functionality Abuse
Exploit Title: Wordpress i1.wp.com Abuse of Functionality Date: Nov 12th 2015 WASC: WASC-42 Exploit Author: Andrea Menin github.com/theMiddleBlue/ Video: https://www.youtube.com/watch?v=6g2khjbflmA Description: ------------ Abuse of Functionality is an attack technique that uses a web site's own...
CVE-2015-8007
The Echo extension for MediaWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification...
CentOS Update for kernel CESA-2015:1978 centos7
Check the version of kernel SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882322";...
iBackDoor: High-Risk Code Hits iOS Apps
Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...
Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities
The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ntpcrypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, vi...
kostroma.mts.ru XSS vulnerability
Vulnerable URL: http://www.kostroma.mts.ru/search/?text=confirm/XSSPOSED/...
AoF and CSRF vulnerabilities in D-Link DCS-2103
Hello 3APA3A! There are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DCS-2103 IP camera. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DCS-2103, Firmware 1.20. All previous versions also must be...
bioengineering.manchester.ac.uk XSS vulnerability
Vulnerable URL: http://www.bioengineering.manchester.ac.uk/about-us/search/?q=glubz%22%3E%3Cimg+src%3Dx+onerror%3Dwindow.onerror%3Dalert%3Bthrow%2Fxssposed%2F%3B%2F%2F%3E%3C=EPSBioengineering=Search Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability...
CVE-2015-7839
SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...
aitika.ru XSS vulnerability
Vulnerable URL: http://aitika.ru/search/?s=x" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 587170 Google Pagerank| 1 VIP website status:| No Check aitika.ru SSL connection:| Grad...