OSVDB: Open Sourced Vulnerability Database

Creditee: Roberto Paleari

Known Contact Information:

(as of 2012-02-08)
(as of 2012-09-12)

Known Affiliations:

Emaze Networks S.p.A (as of 2012-02-08)
Roberto Paleari's Blog (as of 2013-03-19)

Disclosed Vulnerabilities (24):

Disc. Date	OSVDB ID	CVEID	Title
2013-04-25	92935		Huawei AR Routers SNMPv3 Parsing Remote Overflow DoS
2013-04-16	92507		Sitecom WLM-3500 Web Interface Multiple Hardcoded Deafult Passwords
2013-04-16	92508		Sitecom WLM-3500 Web Interface /romfile.cfg Admin Password Cleartext Remote Disclosure
2013-03-30	91871		NETGEAR WNR1000 Crafted 'Image' Request Authentication Bypass
2013-03-19	91497		Google Android on Samsung Multiple Unspecified Phone Setting Manipulation Issues
2013-03-19	91495		Google Android on Samsung Unspecified Unprivileged Arbitrary SMS Message Sending
2013-03-19	91496		Google Android on Samsung Unspecified Phone Action Hijacking Issue
2013-03-19	91498		Google Android on Samsung Multiple Unspecified DoS
2013-03-19	91499		Google Android on Samsung Multiple Unspecified Information Disclosure
2013-03-19	91493		Google Android on Samsung Unspecified Privileged Application Installation (Issue 1)
2013-03-19	91494		Google Android on Samsung Unspecified Privileged Application Installation (Issue 2)
2013-03-13	93041		Huawei AR Routers SNMPv3 Message Handling Stack Buffer Overflow
2013-02-27	90733		D-Link DIR-645 getcfg.php Direct Request Cleartext Admin Password Disclosure
2013-01-28	89697		D-Link Multiple DCS Cameras /frame/GetConfig Direct Request Configuration File Disclosure
2012-11-13	87968		Huawei Multiple Router Unsalted DES Password Storage Weakness
2012-11-13	87329		Telstra BigPond Elite Router Default Hardcoded Credentials
2012-10-12	86153		BigPond Wireless Broadband Gateway 3G21WB Multiple Default Credentials
2012-10-11	86154		BigPond Wireless Broadband Gateway 3G21WB ping.cgi Crafted HTTP Request Parsing Remote Shell Command Execution
2012-09-12	86020	2012-5861	Sinapsi eSolar Light Photovoltaic System Monitor dettagliinverter.php inverterselect Parameter SQL Injection
2012-09-12	86021	2012-5861	Sinapsi eSolar Light Photovoltaic System Monitor changelanguagesession.php lingue Parameter SQL Injection
2012-09-12	86022	2012-5862	Sinapsi eSolar Light Photovoltaic System Monitor login.php Multiple Default Hardcoded Passwords
2012-09-12	86019	2012-5863	Sinapsi eSolar Light Photovoltaic System Monitor ping.php ip_dominio Parameter Crafted HTTP Request Parsing Remote Command Execution
2012-09-12	87771	2012-5864	Sinapsi eSolar Light Photovoltaic System Admin Page Direct Request Authentication Bypass
2012-02-08	84057		D-Link ShareCenter DNS-320 cgi-bin/system_mgr.cgi Arbitrary Command Execution

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.