21 matches found
Vulnerabilities in D-Link DAP-1360
Hello 3APA3A! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This...
D-Link DAP 1150 Cross Site Request Forgery / Cross Site Scripting D-Link DAP 1150 Cross Site Reques
Exploit for hardware platform in category web applications In 2011 and beginning of 2012 I wrote about multiple vulnerabilities http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html in D-Link DAP 1150 several dozens. That time I wro...
Vulnerabilities in Contact Form 7 for WordPress
Hello 3APA3A! I want to inform you about vulnerabilities in Contact Form 7 plugin for WordPress. These are Code Execution via Arbitrary File Uploading vulnerabilities two attack vectors. This is addition to previous Code Execution vulnerability in Contact Form 7...
GDD FLVPlayer 3.635 Cross Site Scripting / Content Spoofing
Hello list! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. ------------------------- Affected products: ------------------------- Vulnerable are GDD FLVPlayer v3.635 and previous versions. ------------------------- Affected vendors: -------------------------...
Microsoft Internet Explorer 7 Denial Of Service
Microsoft Internet Explorer version 7.00.5730.13 suffers from a redirector denial of service vulnerability. Hello list! I want to warn you about Denial of Service vulnerabilities in Internet Explorer. I've found these DoS holes in IE7 already in August 2010. ------------------------- Affected...
HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about HTTP Response Splitting and Cross-Site Scripting vulnerabilities in IBM Lotus Domino. At 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3301. ------------------------- Affected products:...
XSS, Redirector and FPD vulnerabilities in WordPress
Hello 3APA3A! In June I've disclosed vulnerabilities in WordPress, which I'd present for you. They take place in plugin Akismet for WordPress and it's core-plugin since version WP 2.0, so these vulnerabilities concern WordPress itself. This is the first in series of advisories concerning...
Multiple CSRF, DoS and XSS vulnerabilities in D-Link DAP 1150
Hello 3APA3A! I want to warn you about new security vulnerabilities in D-Link DAP 1150 Wi-Fi Access Point and Router. These are Cross-Site Request Forgery, Denial of Service and Cross-Site Scripting vulnerabilities. This is my fourth advisory from series of advisories about vulnerabilities in...
Vulnerabilities in D-Link DAP 1150
Hello 3APA3A! I want to warn you about security vulnerabilities in D-Link DAP 1150 WiFi Access Point and Router. These are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities. This is my second advisory from series of advisories about vulnerabilities in D-Lin...
Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new multiple security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem wa...
CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about new security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough a...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I've already drew attention of Ukrtelecom's representative and this modem was bough at...
New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I've already drew attention of Ukrtelecom's representativ...
Vulnerabilities in ADSL modem Callisto 821+
Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Predictable Resource Location and Brute Force vulnerabilities. Predictable Resource Location WASC-34: http://192.168.1.1 web server on 80 and 8008 ports. The control...
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Hello list! I want to warn you about Cross-Site Scripting, Local File Inclusion and Brute Force vulnerabilities in W-Agora. SecurityVulns ID: 11499. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details:...
Firebook 3.100328 Cross Site Scripting / Disclosure
Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities in Firebook. SecurityVulns ID: 11396. ------------------------- Affected products: ------------------------- Vulnerable are Firebook 3.100328 and...
W-Agora 4.2.1 Cross Site Scripting / Denial Of Service / SQL Injection
Hello Packet Storm! I want to warn you about Cross-Site Scripting, SQL DB Structure Extraction, SQL Injection and Denial of Service vulnerabilities in W-Agora. SecurityVulns ID: 11324. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous...