Default credentials

An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account which is a low privilege account access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML...

WordPress Plugin Work-The-Flow 1.2.1 - Arbitrary File Upload

Author: nopesled Date: 24/04/14 Software: https://wordpress.org/plugins/work-the-flow-file-upload/ Company: http://wtf-fu.com/ Version: 1.2.1 Tested on: Windows 7 Vulnerability: Unrestricted File Upload Submit an image file via the wtf upload panel and intercept the POST request to...