5773 matches found
CVE-2018-6941
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS...
Design/Logic Flaw
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF...
Cross site request forgery (csrf)
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS...
CVE-2018-6940
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF...
CVE-2018-6941
CVE-2018-6941 describes a CSRF vulnerability in NAT32 v2.2 Build 22284 HTTPD that can enable Remote Code Execution when an authenticated NAT32 user visits a malicious link or page. Public writeups/PoCs (e.g., Exploit-DB, PacketStorm) illustrate a payload like /shell?cmd= and document that no chec...
CVE-2018-6940
CVE-2018-6940 describes a Remote Command Execution risk in NAT32 v2.2 Build 22284 through the HTTPD interface. The vulnerability stems from a /shell?cmd= endpoint exposed on NAT32’s web UI (port 8080) that could allow attackers to execute commands, potentially via CSRF as indicated by multiple ...
NAT32 Build 22284 Remote Command Execution / CSRF
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery Vulnerability
Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CSRF CVE...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
NAT32 2.2 Build 22284 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Produc...
NAT32 2.2 Build 22284 - Remote Command Execution Vulnerability
Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: ================= NAT32 Build 22284 NAT32 is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CVE...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a...
mini-httpd and thttpd buffer overflow vulnerabilities
Both thttpd and mini-httpd are products developed by ACME Labs. thttpd is a lightweight HTTP server that supports URL-based file traffic limiting as well as support for multiple platforms such as FreeBSD, SunOS, Solaris, BSD, etc. mini-httpd is a small HTTP server that supports basic...
ALPINE-CVE-2017-17663
The htpasswd implementation of minihttpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution...
PT-2018-6543 · Acme +2 · Mini Httpd +3
Name of the Vulnerable Software and Affected Versions: mini httpd versions prior to 1.28 thttpd versions prior to 2.28 Description: The issue is related to a buffer overflow in the htpasswd implementation, which can be exploited remotely to perform code execution. Recommendations: For mini httpd...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.33-i586-1slack14.2.txz: Upgraded. This update fixes bugs and security issues, including: Potential infinite loop in...
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions <= 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...