Zyxel / Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 Exploit

Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on...

CVE-2016-6461

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.16.10. Known Fixed Releases:...

CVE-2016-6461

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.16.10. Known Fixed Releases:...

Cisco ASA Input Validation File Injection Vulnerability

A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. The vulnerability is due to improper user input validation. An attacker could exploit th...