Lucene search

156 matches found

IBM Security Bulletins
added 2018/06/17 3:0 p.m. | 37 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Netcool/Reporter (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Netcool/Reporter. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS: 5 | AI score: 0.7 | EPSS: 0.74006
Exploits: 0 | Affected Software: 1

Debian
added 2018/05/30 1:24 p.m. | 71 views

[SECURITY] [DLA 1389-1] apache2 security update

Package : apache2 Version : 2.2.22-13+deb7u13 CVE ID : CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 Debian Bug : Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.18197
Exploits: 0

Prion
added 2018/01/31 8:29 p.m. | 9 views

Design/Logic Flaw

Passwords are stored in plaintext in nvram in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt...

CVSS: 4 | AI score: 8.6 | EPSS: 0.01503
Exploits: 2 | References: 2 | Affected Software: 1

NVD
added 2018/01/31 8:29 p.m. | 16 views

CVE-2017-15654

Highly predictable session tokens in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...

CVSS: 8.3 | AI score: 8.3 | EPSS: 0.02169
Exploits: 2 | References: 2

NVD
added 2018/01/31 8:29 p.m. | 10 views

CVE-2017-15653

Improper administrator IP validation after his login in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.02003
Exploits: 1 | References: 2

NVD
added 2018/01/31 8:29 p.m. | 14 views

CVE-2017-15655

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time...

CVSS: 9.6 | AI score: 9.8 | EPSS: 0.03149
Exploits: 2 | References: 3

NVD
added 2018/01/31 8:29 p.m. | 11 views

CVE-2017-15656

Passwords are stored in plaintext in nvram in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01503
Exploits: 2 | References: 2

Prion
added 2018/01/31 8:29 p.m. | 10 views

Input validation

Improper administrator IP validation after his login in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

CVSS: 6.5 | AI score: 8.6 | EPSS: 0.02003
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2018/01/31 8:29 p.m. | 19 views

Design/Logic Flaw

Highly predictable session tokens in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...

CVSS: 7.6 | AI score: 8.2 | EPSS: 0.02169
Exploits: 2 | References: 2 | Affected Software: 1

Prion
added 2018/01/31 8:29 p.m. | 13 views

Buffer overflow

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time...

CVSS: 9.3 | AI score: 9.6 | EPSS: 0.03149
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2018/01/31 8:0 p.m. | 16 views

CVE-2017-15656

Passwords are stored in plaintext in nvram in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt...

AI score: 8.7 | EPSS: 0.01503
Exploits: 2 | References: 2

CVE
added 2018/01/31 8:0 p.m. | 55 views

CVE-2017-15655

CVE-2017-15655 affects the AsusWRT HTTPd server in Asus routers with firmware versions up to 3.0.0.4.376.X. The vulnerability is a buffer overflow in the HTTPd service that can lead to remote code execution with administrator privileges when an administrator visits certain pages. All vulnerable i...

CVSS: 9.6 | AI score: 9.7 | EPSS: 0.03149
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2018/01/31 8:0 p.m. | 21 views

CVE-2017-15654

Highly predictable session tokens in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...

AI score: 8.3 | EPSS: 0.02169
Exploits: 2 | References: 2

CVE
added 2018/01/31 8:0 p.m. | 49 views

CVE-2017-15656

CVE-2017-15656 is confirmed to affect AsusWRT firmware with the httpd nvram storage path. Multiple connected sources state plaintext passwords are stored in nvram and thus readable without proper protection in versions up to 3.0.0.4.380.7743 (and earlier per CNVD), enabling an attacker with acces...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.01503
Exploits: 2 | References: 2 | Affected Software: 1

CVE
added 2018/01/31 8:0 p.m. | 72 views

CVE-2017-15653

CVE-2017-15653 concerns AsusWRT routers with the HTTPd web interface. It describes an improper administrator IP validation after login, allowing an unauthorized user who has a valid administrator session token to perform any action by sending a crafted User-Agent string. Affected versions are all...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.02003
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2018/01/31 8:0 p.m. | 54 views

CVE-2017-15654

CVE-2017-15654 affects AsusWRT's HTTPd in Asus routers (versions up to 3.0.0.4.380.7743). The vulnerability stems from highly predictable session tokens generated by reseeding the RNG with time(), enabling an attacker to infer or guess a valid administrator session and gain router admin access. C...

CVSS: 8.3 | AI score: 8.2 | EPSS: 0.02169
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2018/01/31 8:0 p.m. | 12 views

CVE-2017-15655

Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time...

AI score: 9.8 | EPSS: 0.03149
Exploits: 2 | References: 3

Cvelist
added 2018/01/31 8:0 p.m. | 12 views

CVE-2017-15653

Improper administrator IP validation after his login in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

AI score: 8.7 | EPSS: 0.02003
Exploits: 1 | References: 2

0day.today
added 2018/01/17 12:0 a.m. | 34 views

Belkin N600DB Wireless Router - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: Belkin N600DB Wireless Router | Multiple Vulnerabilities Date: 16/01/2018 Exploit Author: Wadeek Hardware Version: F9K1102as v3 Firmware Version: 3.04.11 Vendor Homepage:...

AI score: 0.1
Exploits: 0

Packet Storm
added 2018/01/17 12:0 a.m. | 34 views

Belkin N600DB Command Injection / Backdoor

Exploit Title: Belkin N600DB Wireless Router | Multiple Vulnerabilities Date: 16/01/2018 Exploit Author: Wadeek Hardware Version: F9K1102as v3 Firmware Version: 3.04.11 Vendor Homepage: http://www.belkin.com/fr/support/product/?pid=F9K1102as Firmware Link:...

AI score: 7.4
Exploits: 0