20 matches found
EUVD-2011-4430
Malware in sbrugna...
EUVD-2007-6692
Malware in sbrugna...
EUVD-2007-6691
Malware in sbrugna...
CVE-2011-4504
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability...
ZyXEL P-330W Multiple Vulnerabilities
No description provided by source...
CVE-2011-4504
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability...
Xxe
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability...
CVE-2011-4504
The CVE-2011-4504 entry concerns the UPnP IGD implementation in the Pseudo ICS UPnP software used by ZyXEL P-330W. The vulnerability arises in the UPnP AddPortMapping action processed on the WAN interface, related to an “external forwarding” issue, enabling remote attackers to establish arbitrary...
CVE-2007-6730
Multiple cross-site request forgery CSRF vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote router management via goform/formRmtMgt or 2 modify the administrator passwor...
CVE-2007-6730
Multiple cross-site request forgery CSRF vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote router management via goform/formRmtMgt or 2 modify the administrator passwor...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote router management via goform/formRmtMgt or 2 modify the administrator passwor...
CVE-2007-6729
Cross-site scripting XSS vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors...
CVE-2007-6729
Cross-site scripting XSS vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors...
CVE-2007-6729
Cross-site scripting XSS vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors...
CVE-2007-6729
The CVE-2007-6729 entry describes a Cross-site scripting (XSS) vulnerability in the web management interface of the ZyXEL P-330W router. The flaw allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other vectors. Connected sources confirm the affected prod...
CVE-2007-6730
CVE-2007-6730 affects ZyXEL P-330W router via the web management interface, introducing CSRF vulnerabilities that allow remote attackers to hijack administrator authentication for (1) enabling remote router management through goform/formRmtMgt, and (2) changing the administrator password via gofo...
ZyXEL P-330W跨站脚本执行及请求伪造漏洞
BUGTRAQ ID: 27024 ZyXEL P-330W是一款无线宽带路由器。 ZyXEL P-330W处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞攻击用户系统。 ZyXEL P-330W的ping.asp文件中没有正确地过滤对pingstr参数的输入便返回给了用户,这允许攻击者通过跨站脚本在用户浏览器会话中执行任意HTML和脚本代码;此外设备还允许用户通过HTTP请求执行各种操作,但没有验证请求的有效性,这可能允许攻击者通过伪造请求执行各种攻击,如更改管理员口令。 ZyXEL P-330W ZyXEL -----...
zyxel-xssxsrf.txt
ZyXEL P-330W “Secure Wireless Internet Sharing Router” is vulnerable to multiple XSS and XSRF attacks. There are a plethora of XSS vulns in the web-based management interface so I'll leave it to you to discover these gifts on your own. Here is a starting point: http://:/ping.asp?pingstr=”alert"M...
ZYXEL P-330W - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/27024/info ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect...