14 matches found
EUVD-2006-0949
Malware in sbrugna...
Thomson SpeedTouch 500 Series LocalNetwork Page name Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16839/info The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have...
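Thomson SpeedTouch 2030 SIP Malformed INVITE Message Remote Denial of Service Vulnerability
BUGTRAQ ID: 25446 The Thomson ST 2030 is a VoIP phone compliant with the SIP/MGCP protocol standards. The ST 2030 has a vulnerability in its handling of malformed INVITE requests that a remote attacker may exploit to make the device unavailable. The ST 2030 phone does not handle INVITE messages correctly: if a remote attacker sends the phone an INVITE message in which the Via: field contains a "/" character after the version, the device crashes. Thomson SpeedTouch 2030 1.52.1 The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:...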
Thomson SpeedTouch ST 2030 (SIP Phone) - Remote Denial of Service
Thomson SpeedTouch ST 2030 SIP Phone - Remote Denial of Service !/usr/bin/perl Vulneravility for Thomson 2030 firmware v1.52.1 It provokes a DoS in the device. use IO::Socket::INET; die "Usage $0 " unless $ARGV2; $socket=new IO::Socket::INET-newPeerPort=$ARGV1, Proto='udp', PeerAddr=$ARGV0; $msg ...
SpeedTouchXSS.txt
TITLE: Thomson SpeedTouch 500 series vulnerable to XSS CRITICAL: Less critical IMPACT: Cross Site Scripting SOFTWARE: SpeedTouch 5.3.2.6.0 DESCRIPTION: There is a vulnerability in the SpeedTouch modems, which can be exploited by malicious people to conduct cross-site scripting attacks, and...
CVE-2006-0946
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page...
Code injection
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due...
CVE-2006-0946
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page...
CVE-2006-0947
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due...
CVE-2006-0946
Technical details about CVE-2006-0946 are not publicly provided in the supplied documents. No concrete information on affected products, root cause, or remediation is present. Monitor for updates.
CVE-2006-0947
CVE-2006-0947 affects Thomson SpeedTouch modem firmware 5.3.2.6.0. Affected component is the NewUser function where the 31 parameter can create accounts that the administrator cannot delete, due to filtering/cleansing in the admin interface. The issue allows remote attackers to create non-deletab...
Thomson SpeedTouch 500 modems vulnerable to XSS
TITLE: Thomson SpeedTouch 500 series vulnerable to XSS CRITICAL: Less critical IMPACT: Cross Site Scripting SOFTWARE: SpeedTouch 5.3.2.6.0 DESCRIPTION: There is a vulnerability in the SpeedTouch modems, which can be exploited by malicious people to conduct cross-site scripting attacks, and...
Thomson SpeedTouch 500 Series - NewUser Function 31 Variable Persistent User Creation
Thomson SpeedTouch 500 Series - NewUser Function 31 Variable Persistent User Creation source: https://www.securityfocus.com/bid/16839/info The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied...
Thomson SpeedTouch 500 Series - LocalNetwork Page 'name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/16839/info The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...