ZTE ZXDSL 831CII Direct Object Reference

The modem usually serves html files & protects them with HTTP Basic authentication. however, the cgi files, does not get this protection. so simply requesting any cgi file without no authentication would give a remote attacker full access to the modem and then can easily be used to root the modem...

UBUNTU-CVE-2014-5015

bozotic HTTP server aka bozohttpd before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path...

Axis Network Camera 2.x HTTP Authentication Bypass Vulnerability

No description provided by source...

Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt Published: 04/11/12 Version: 1.0 Vendor: Plixer International...

Xerver 4.32 - Source Disclosure and HTTP Authentication Bypass

No description provided by source. Exploit Title: Xerver Source Disclosure and HTTP Auth Bypass Date: 01 Aug 2010 Author: Ben Schmidt aka supernothing Software: http://www.javascript.nu/xerver/ Version: 4.32 and prior Tested on: Windows XP SP3 CVE: N/A This file is derived from part of the...

Cobalt RaQ 2.0/3.0/4.0 XTR MultiFileUpload.php Authentication Bypass Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other...

Google Chrome Silent HTTP Authentication

No description provided by source. Exploit Title: Google Chrome Silent HTTP Authentication Date: 2-5-2013 Exploit Author: T355 Vendor Homepage: http://www.google.com/chrome Version: 24.0.1312.57 Tested on: Tested on: Windows 7 & Mac OSX Mountain Lion CVE : n/a VULNERABILITY DETAILS The latest...

Axis Network Camera 2.x And Video Server 1-3 HTTP Authentication Bypass

No description provided by source. source: http://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server...

AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit

No description provided by source. !/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org...

Cobalt RaQ 2.0/3.0/4.0 XTR MultiFileUpload.php Authentication Bypass Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/4252/info Cobalt RaQ is a server appliance for Internet-based services. It is distributed and maintained by Sun Microsystems. The 'MultiFileUpload.php' script is not sufficiently protected from outside access. While other...

Fedora 20 : zabbix-2.0.11-3.fc20 (2014-5540)

The logrotate configuration had no su statement in 2.0.11-2. Furthermore, the log file should have been created as zabbixsrv:zabbix for the proxy and server, what they are now. http://www.zabbix.com/rn2.0.11.php Also solves 3 security issues : - ZBX-7703 fixed being able to switch users without...

Updated zabbix packages fix multiple vulnerabilities

Updated zabbix packages fix security vulnerabilities: Zabbix before 2.0.11 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code CVE-2013-5572. Zabbix before 2.0.11 allows switchi...

Security advisory, LedgerSMB 1.3.0-1.3.36

Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...

LedgerSMB Improper Logout

Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...

Unauthorized console access on Satechi travel router v1.5

Satechi makes a travel router that broadcasts a protected wifi network that can be configured connect to either a wired or wireless network on it’s public wan interface. It runs a customized dd-wrt build from version 2.4 The router is configurable via a web interface available within its protecte...

Amazon Linux AMI : lighttpd (ALAS-2012-107)

Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...

Fedora Update for nodejs-hawk FEDORA-2013-11780

Check for the Version of nodejs-hawk OpenVAS Vulnerability Test Fedora Update for nodejs-hawk FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

[SECURITY] Fedora 18 Update: nodejs-hawk-0.15.0-1.fc18

Hawk is an HTTP authentication scheme using a message authentication code MAC algorithm to provide partial HTTP request cryptographic verification...

ZPanel 10.0.0.2 htpasswd Module - &#039;Username&#039; Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZPanel 10.0.0.2...

Cisco Linksys E1200 / N300 Cross Site Scripting Vulnerability

Cisco Linksys E1200 and N300 routers version 2.0.04 suffer from a cross site scripting vulnerability. Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue :...