CVE-2015-3236

cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset curleasyreset connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...

Ruby Web Applications Vulnerability Scanner: Yasuo

Ruby Web Applications Vulnerability Scanner Yasuo is a ruby script that scans for vulnerable 3rd-party web applications While working on a network security assessment internal, external, redteam gigs etc., we often come across vulnerable 3rd-party web applications or web front-ends that allow us ...

Net-creds - Sniff passwords and hashes from an interface or pcap file

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Sniffs URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC...

SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass

Services Basic Authentication module adds HTTP basic authentication for Services module. A user could get unauthorized access to resources under some circumstances. This vulnerability is mitigated by the fact that the authentication works correctly when page caching is disabled. CVE identifiers...

Apache ActiveMQ Web Console Default Credentials

ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was...

ZTE ZXDSL 831CII - Insecure Direct Object Reference Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure dire...

ZTE ZXDSL 831CII - Insecure Direct Object Reference

ZTE ZXDSL 831CII - Insecure Direct Object Reference Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference Date: 11/3/2014 Exploit Author: Paulos Yibelo Vendor Homepage: zte.com.cn Software Link: - Version: - Tested on: Windows 7 CVE :- ZTE ZXDSL 831CII suffers from an insecure direct obje...

CVE-2014-6061: Security issue when parsing the Authorization header

Affected Versions All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not...

DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS

No description provided by source. / DotDefender = 3.8-5 No Authentication Remote Code Execution Through XSS Tested on DotDefender 3.8-5 On Ubuntu Server 9.10 64-bit with Firefox 3.6.3 Paul Hand aka rAWjAW AT offsec.com Original Post-Authentication Remote Command Execution Vulnerability:...

ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36074/info The 'ntop' tool is prone to a denial-of-service vulnerability because of a NULL-pointer dereference that occurs when crafted HTTP Basic Authentication credentials are received by the embedded webserver. An...

Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

Description: The Asus RT-N66U is a home wireless router. Its web application has a CSRF vulnerability that allows an attacker to execute arbitrary commands on the target device. Exploitable URL: The parameter SystemCmd in the URL below causes the device to execute arbitrary commands. The value...

IBM Informix Web Datablade 4.1x Page Request SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4496/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL, dynamically generates HTML content based on Database data. Web Datablade is available for Apache,...

ASUS RT-N56U - Remote Buffer Overflow (ROP)

ASUS RT-N56U - Remote Buffer Overflow ROP !/usr/bin/env python from time import sleep from sys import exit import urllib2, signal, struct, base64, socket, ssl Title: ASUS RT-N56U Remote Root Shell Exploit - appsname Discovered and Reported: October 2013 Discovered/Exploited By: Jacob Holcomb/Gimp...

NETGEAR WNR1000v3 Password Recovery Vulnerability

Description: Newer firmware versions of the NETGEAR N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's plaintext Administrator credentials and subsequently gain full access to the device. This...

[Router Password Kracker] Router Password Recovery Software

Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web sites which are protected by HTTP BASIC Authentication. Generally Routers or Modems control their access by using HTTP BASIC authenticati...

Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

Exploit for hardware platform in category web applications Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...

Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery

Asus RT-N66U 3.0.0.4.374720 - Cross-Site Request Forgery Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...

Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery

Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage: http://www.asus.com/Networking/RTN66U/ Software Link:...

ASUS RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery

Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage: http://www.asus.com/Networking/RTN66U/ Software Link:...

Re: Cisco/Linksys E1200 N300 Reflected XSS

Mitre has assigned the following CVE for this issue: CVE-2013-2679 On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently...