21 matches found
CVE-2026-7840
UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wisenderr and wireplyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...
EUVD-2026-40885
UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...
EUVD-2000-0416
Malware in sbrugna...
EUVD-2002-1135
Malware in sbrugna...
EUVD-2004-2037
Malware in sbrugna...
Oracle GlassFish Enterprise Server REST Interface Cross Site Request Forgery (CVE-2012-0550)
A cross-site request forgery CSRF vulnerability has been reported in the GlassFish HTTP administration interface...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias...
CVE-2008-4128
Multiple cross-site request forgery CSRF vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias...
CVE-2008-4128
CVE-2008-4128 concerns Cisco IOS 12.4 on the 871 ISR, where multiple CSRF vulnerabilities in the HTTP Administration component can allow remote command execution via the show privilege command to /level/15/exec/- and the alias exec command to /level/15/exec/-/configure/http. Connected sources con...
CVE-2008-4128
Multiple cross-site request forgery CSRF vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias...
Cisco Router HTTP Administration CSRF Command Execution Exploit 2
No description provided by source. !-- Jeremy Brown [email protected]/http://jbrownsec.blogspot.com Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit 2 Replace "10.10.10.1" with the IP address of the target router, embed this in a web page and hope for the best...
PT-2008-5427
Name of the Vulnerable Software and Affected Versions Cisco IOS version 12.4 on the 871 Integrated Services Router Description The issue allows remote attackers to execute arbitrary commands. This is achieved through cross-site request forgery CSRF vulnerabilities in the HTTP Administration...
Cisco Router HTTP Administration CSRF Command Execution Exploit 2
Exploit for hardware platform in category remote exploits ================================================================= Cisco Router HTTP Administration CSRF Command Execution Exploit 2 ================================================================= 0day.today 2018-03-01...
ciscOWN1.txt
...
Cisco Router - HTTP Administration Cross-Site Request Forgery Command Execution (2)
Cisco Router - HTTP Administration Cross-Site Request Forgery Command Execution 2 milw0rm.com 2008-09-17...
Design/Logic Flaw
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous RV 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request...
CVE-2007-4159
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous RV 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request...
CVE-2004-2045
The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service device reboot via an HTTP request with a long username...
CVE-2004-2045
The CVE-2004-2045 issue affects the Conceptronic CADSLR1 ADSL router (firmware 3.04n). The HTTP administration interface is vulnerable to a denial-of-service (device reboot) caused by sending an HTTP request with a long username. The root cause is not detailed beyond the long username triggering ...
CVE-2004-2045
The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service device reboot via an HTTP request with a long username...