2Wire Authentication Bypass and Unauthorized Password Reset
Some 2Wire devices are vulnerable to authentication bypass and remote password reset attacks that allow drive-by pharming.
Commonspot CMS 5.1.0.x Cross Site Scripting vulnerabilities
XSS vulnerabilities in Commonspot CMS
2Wire Remote Denial of Service
The remote management interface on tcp/50001 of various 2Wire devices suffers from a remote denial of service vulnerability.
D-Link WBR-1310 Cross-Site Scripting
D-Link WBR-1310 Router is susceptible to XSS, allowing an attacker to change the admin's password...
ZenCart 1.3.8a Multiple XSS in Admin Interface
ZenCart 1.3.8a has a persistent XSS in 'Admin Home' in the 'Last Name' parameter. Another Cross Site Scripting vulnerability exists in the 'nogrants' parameter in sqlpatch.php.
OpenConf CE 3.41 Multiple XSS and SQL
OpenConf CE 3.41 contains multiple Cross-site Scripting vulnerabilities and an SQL injection vulnerability.
Croogo CMS 1.2 Cross Site Scripting Vulnerabilities
Croogo CMS 1.2 Cross Site Scripting Vulnerabilities
Croogo CMS 1.3 'Contact' and 'User' Module HTML Injection
Croogo CMS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Huawei EchoLife HG520c Denial of Service & Unauthorized Factory Reset
Huawei EchoLife HG520c modems are vulnerable to unauthorized device reset and denial of service vulnerabilities.
Huawei EchoLife HG520 Remote Information Disclosure
Huawei EchoLife HG520 modems are vulnerable to a remote information disclosure vulnerability. This vulnerability can be exploited by sending a specially crafted UDP packet that causes the modems to...
Huawei EchoLife HG520c Information Disclosure
Huawei EchoLife HG520 modems are vulnerable to an information disclosure vulnerability. Sensitive modem information can be accessed using a public URL in modems with the web interface activated.
Huawei EchoLife HG520 Remote Management CSRF
Huawei EchoLife HG520 modems do not require authentication to access certain pages such as: '/Forms/access_cwmp_1', '/Forms/rpQos_1' and '/Forms/rpRManage_1'. A CSRF exploit can be used to enable...
Anti-CSRF Filter Bypass SMF 2.0 / 1.1.14
The [img] BBCode tag anti-CSRF filter can be bypassed due to incorrect parsing of the 'action' variable, which makes it possible to execute CSRF successfully.
PHP Self Cross Site Scripting in MantisBT 1.2.x
MantisBT installations 1.2.x up to 1.2.7 are vulnerable to Cross Site Scripting attacks due to a lack of sanitization of the variable $_SERVER["PHP_SELF"].
Netgear Information Disclosure
Several NETGEAR devices are vulnerable to information disclosure via the web interface.
Huawei HG866 authentication bypass
The web management interface of Huawei HG688 routers has several pages which fail to validate the user's session. This allows an attacker to bypass the authentication both locally and remotely.
Path traversal in TP-LINK WR740 and possibly others
TP-Link WR740 routers are vulnerable to a path traversal vulnerability on the web administration interface. Unauthenticated users are able to read any file from the device.
Debugging shell with root privileges in routers TP-Link WR740
There is a hidden debugging shell with root privileges in routers TP-Link WR740.
Multiple vulnerabilities in ZPanel 10.0.1
Several vulnerabilities were discovered in ZPanel 10.0.1 during our pro bono security audit. The ZPanel team has addressed these issues in version 10.0.2 and it is advised to upgrade.
Huawei HG8245 backdoor and remote access
The Huawei HG8245 ONT, firmware version V1R006C00S100 which provides cellular services, contains 3 severe vulnerabilities: two administrator accounts enabled by default and a public administration...