D-Link DIR-605L Model B Denial of Service Vulnerability

D-Link DIR-605L Model B is a wireless router product from AUO D-Link. A denial of service vulnerability exists in versions prior to D-Link DIR-605L Model B FW2.11betaB06hbrf. An attacker could exploit this vulnerability by sending an HTTP request with a password field with a long string in the HT...

Cross site request forgery (csrf)

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

CVE-2017-16953

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request...

CVE-2017-16953

The CVE-2017-16953 issue affects ZTE ZXDSL 831CII devices, where connoppp.cgi does not require HTTP Basic Authentication. This allows an unauthenticated remote attacker to modify the PPPoE configuration (or set up malicious configurations) via a GET request. Public references corroborate an acces...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

CVE-2017-17065

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service device crash or possibly have unspecified other impact by sending a sufficiently long string in the...

ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================...

ZTE ZXDSL 831CII - Improper Access Restrictions

Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================= The Router usually servers html files &...

CVE-2017-16934

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

Design/Logic Flaw

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

CVE-2017-16934

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a changepassword.csp request, which supports a...

CVE-2017-16934

CVE-2017-16934 affects the web server in DBL DBLTek devices. An attacker can obtain the admin password via a frame.html?content=/dev/mtdblock/5 request and use it for HTTP Basic Auth to reach change_password.csp, where the passwd parameter supports a

Netscape FastTrack Server Authentication Buffer Overflow Vulnerability

Netscape FastTrack Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-10362

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials...

The numeric tech support scam campaign

There are many different tech support scam TSS campaigns active at any given moment, the majority of them are fueled by malicious adverts the browser lockers, or bundled software the screen lockers. Something interesting happened recently, where legitimate - but hacked - websites would redirect t...

VICIdial user_authorization Unauthenticated Command Execution

This module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled disabled by default. When password encryption is enabled the user's password...

Anybus Modbus Gateway - Authenticated Directory Traversal Vulnerability

The cgi-bin/read.cgi CGI script in the cgi-bin folder on the devices webserver is vulnerable to directly traversal by directly including any file. It typically includes files from the /home/httpd/jjs directoy but you can access files outside of the main webserver directory. There's 67 of these...

Schneider Electric Modicon M340 Devices Buffer Overflow Vulnerability (SEVD-2015-344-01)

Schneider Electric Modicon M340 devices are prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

Nextcloud: HTTP-Basic Authentication on logs.nextcloud.com

Greetings, While visiting https://logs.nextcloud.com/ , I noticed that this server use HTTP-Basic Authentication. F152730 POC : ------ GET https://logs.nextcloud.com/ HTTP/1.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.11; rv:50.0 Gecko/20100101 Firefox/50.0 Accept:...

Debian DLA-604-1 : ruby-actionpack-3.2 security update

Multiple vulnerabilities have been discovered in ruby-actionpack-3.2, a web-flow and rendering framework and part of Rails : CVE-2015-7576 A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare...