18293
Views: 416
Description:
By default, many Belkin wireless routers using a default SSID of "belkin54g" are preconfigured with a default password. The "admin" account has a null password which is publicly known and documented. This allows attackers to trivially access the program or system.
Comments: 1, Blogs: 0, References: 5
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | Authentication Management | | | | | |

Belkin 54G Routers Admin Account Default Null Password

40621
Views: 302
Description:
Simple PHP Blog contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions to delete posts. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
Comments: 0, Blogs: 0, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Simple PHP Blog (SPHPBlog) add_link.php link_id Variable CSRF

821
Views: 277
Description:
By default, Linksys routers install with a default password. The administrative account has a password of admin which is publicly known and documented. This allows attackers to trivially access the program or system.
Comments: 0, Blogs: 0, References: 4
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | Misconfiguration, Authentication Management | | | | | |

Linksys Router Default Password

28946
Views: 238
Description:
A remote stack-based buffer overflow exists in Microsoft Internet Explorer. The browser's VML rendering engine fails to check the length of a fill parameter on the rect tag, resulting in a stack-based buffer overflow. With a specially crafted request that contains VML graphics, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Comments: 0, Blogs: 0, References: 28
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | OSVDB Verified, Discovered in the Wild | |

Microsoft IE Vector Markup Language (VML) Arbitrary Code Execution

877
Views: 144
Description:
RFC compliant web servers support the TRACE HTTP method, which contains a flaw that may lead to an unauthorized information disclosure. The TRACE method is used to debug web server connections and allows the client to see what is being received at the other end of the request chain. Enabled by default in all major web servers, a remote attacker may abuse the HTTP TRACE functionality, i.e. cross-site scripting (XSS), which will disclose sensitive configuration information resulting in a loss of confidentiality.
Comments: 0, Blogs: 0, References: 27
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Multiple Web Server Dangerous HTTP Method TRACE

592
Views: 133
Description:
By default, ZyXEL routers install with a default password. The administrative account has a password of 1234 which is publicly known and documented. This allows attackers to trivially access the program or system.
Comments: 0, Blogs: 0, References: 9
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | Authentication Management | | | | | |

ZyXEL Multiple Routers Default Administrator Password

32397
Views: 119
Description:
opentaps contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'SEARCH_STRING' variable upon submission to the keywordsearch script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 4
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

opentaps ecommerce/control/keywordsearch SEARCH_STRING Variable XSS

38669
Views: 116
Description:
Boinc Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'search_string' variables upon submission to the forum_text_search_action.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 6
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Boinc Forum forum_text_search_action.php search_string Variable XSS

44213
Views: 112
Description:
A heap overflow exists in Windows. gdi32.dll fails to validate EMF files, resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
Comments: 0, Blogs: 33, References: 15
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required, Local Access Required | | | | | | |

Microsoft Windows GDI (gdi32.dll) EMF File Handling Multiple Overflows

16876
Views: 95
Description:
BookReview contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'node' variable upon submission to the 'add_url.htm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 15
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

BookReview add_url.htm node Variable XSS