
3631 matches found

Cvelist
added 2017/04/13 7:0 p.m. | 31 views

CVE-2016-8726

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server...

CVSS 7.5 | AI score 7.5 | EPSS 0.00447
Exploits: 2 | References: 1

CVE
added 2017/04/13 7:0 p.m. | 49 views

CVE-2016-8726

Summary of CVE-2016-8726 : Affected product is the Moxa AWK-3131A Wireless Access Point (firmware 1.1). The issue is a null pointer dereference in the Web Application’s /forms/web_runScript iw_filename function. An HTTP POST containing a blank line in the header can trigger a segmentation fault i...

CVSS 7.8 | AI score 7.5 | EPSS 0.00447
Exploits: 2 | References: 1 | Affected Software: 1

Talos
added 2017/04/10 12:0 a.m. | 27 views

Moxa AWK-3131A web_runScript Header Manipulation Denial of Service Vulnerability

Summary: An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web...

CVSS 7.8 | AI score 7.4 | EPSS 0.00447
Exploits: 2

Talos
added 2017/04/10 12:0 a.m. | 29 views

Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability

Summary: An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...

CVSS 7.5 | AI score 7.5 | EPSS 0.00178
Exploits: 2

Fedora
added 2017/04/09 9:53 p.m. | 29 views

[SECURITY] Fedora 25 Update: curl-7.51.0-6.fc25

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

CVSS 2.4 | EPSS 0.00196
Exploits: 0

Packet Storm
added 2017/04/04 12:0 a.m. | 68 views

Avaya Radvision SCOPIA Desktop SQL Injection

https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlgloginowneridjsp-ownerid-sql-injection.html Date: 04-Apr-2017 Product: Avaya Radvision SCOPIA Desktop Versions affected: v7.7.000.042 released in 2011 confirmed v8.2.101.046 released in 2013 confirmed Vulnerability: Blind SQL injectio...

AI score 1.3
Exploits: 0

OpenVAS
added 2017/04/03 12:0 a.m. | 130 views

AlienVault OSSIM/USM < 5.3.6 RCE Vulnerability - Active Check

AlienVault OSSIM and USM are prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

AI score 7.2
Exploits: 0 | References: 2

OpenVAS
added 2017/03/22 12:0 a.m. | 119 views

McAfee ePolicy Orchestrator SQL Injection Vulnerability

McAfee ePolicy Orchestrator is prone to a blind SQL injection vulnerability SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 10 | AI score 9.7 | EPSS 0.12631
Exploits: 1 | References: 3

NVD
added 2017/03/14 10:59 p.m. | 31 views

CVE-2016-8027

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator ePO 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a...

CVSS 10 | AI score 9.5 | EPSS 0.12631
Exploits: 1 | References: 3

Prion
added 2017/03/14 10:59 p.m. | 19 views

SQL injection

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator ePO 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a...

CVSS 7.5 | AI score 7.8 | EPSS 0.12631
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2017/03/14 10:0 p.m. | 32 views

CVE-2016-8027

SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator ePO 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a...

AI score 9.6 | EPSS 0.12631
Exploits: 1 | References: 3

CVE
added 2017/03/14 10:0 p.m. | 60 views

CVE-2016-8027

Summary: CVE-2016-8027 is a SQL injection in McAfee ePolicy Orchestrator (ePO) where the Agent GUID is used to build a SQL query without proper sanitization. The vulnerability exists in the DataChannel/Agent communication path (via SPIPE and HTTP POST) used by agents to report data. The exploit c...

CVSS 10 | AI score 9.4 | EPSS 0.12631
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2017/03/06 2:59 a.m. | 3 views

CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...

CVSS 8.8 | AI score 6.1 | EPSS 0.89207
Exploits: 11 | References: 5

Cvelist
added 2017/03/06 2:0 a.m. | 25 views

CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...

AI score 9.3 | EPSS 0.89207
Exploits: 11 | References: 4

0day.today
added 2017/03/06 12:0 a.m. | 50 views

Conext ComBox 865-1058 - Denial of Service Exploit

Exploit for hardware platform in category dos / poc Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit causes the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover...

CVSS 7.8 | AI score 7.6 | EPSS 0.20502
Exploits: 4

Packet Storm
added 2017/03/05 12:0 a.m. | 41 views

Conext ComBox 865-1058 Denial Of Service

Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit causes the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost Password" Date: March 02, 2017 Exploit Author:...

AI score 7.6 | EPSS 0.20502
Exploits: 4

Exploit DB
added 2017/03/02 12:0 a.m. | 48 views

Conext ComBox 865-1058 - Denial of Service

Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit causes the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost Password" Date: March 02, 2017 Exploit Author:...

CVSS 7.8 | AI score 7.8 | EPSS 0.20502
Exploits: 4

exploitpack
added 2017/03/02 12:0 a.m. | 29 views

Conext ComBox 865-1058 - Denial of Service

Conext ComBox 865-1058 - Denial of Service Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit causes the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost...

CVSS 7.8 | AI score 7.6 | EPSS 0.20502
Exploits: 4

Prion
added 2017/02/22 11:59 p.m. | 23 views

Cross site request forgery (csrf)

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request...

CVSS 10 | AI score 9.3 | EPSS 0.83189
Exploits: 5 | References: 2 | Affected Software: 1

OSV
added 2017/02/22 11:59 p.m. | 0 views

CVE-2017-6077

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request...

CVSS 9.8 | AI score 6.1 | EPSS 0.83189
Exploits: 5 | References: 3