5781 matches found
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
NAT32 2.2 Build 22284 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Produc...
NAT32 2.2 Build 22284 - Remote Command Execution Vulnerability
Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: ================= NAT32 Build 22284 NAT32 is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CVE...
NAT32 2.2 Build 22284 - Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product: =========== NAT32 Build 22284 NAT32® is a...
mini-httpd and thttpd buffer overflow vulnerabilities
Both thttpd and mini-httpd are products developed by ACME Labs. thttpd is a lightweight HTTP server that supports URL-based file traffic limiting as well as support for multiple platforms such as FreeBSD, SunOS, Solaris, BSD, etc. mini-httpd is a small HTTP server that supports basic...
ALPINE-CVE-2017-17663
The htpasswd implementation of minihttpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution...
PT-2018-6543 · Acme +2 · Mini Httpd +3
Name of the Vulnerable Software and Affected Versions: mini httpd versions prior to 1.28 thttpd versions prior to 2.28 Description: The issue is related to a buffer overflow in the htpasswd implementation, which can be exploited remotely to perform code execution. Recommendations: For mini httpd...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.33-i586-1slack14.2.txz: Upgraded. This update fixes bugs and security issues, including: Potential infinite loop in...
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...
CVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version =3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time...
Design/Logic Flaw
Password are stored in plaintext in nvram in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt...
Input validation
Improper administrator IP validation after his login in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...
Design/Logic Flaw
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
Buffer overflow
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version =3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time...
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...
CVE-2017-15654
Highly predictable session tokens in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allow gaining administrative router access...
CVE-2017-15656
Password are stored in plaintext in nvram in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt...
CVE-2017-15655
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version =3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the newest and thus are vulnerable at this time...
CVE-2017-15656
Password are stored in plaintext in nvram in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt...
CVE-2017-15653
Improper administrator IP validation after his login in the HTTPd server in all current versions = 3.0.0.4.380.7743 of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...