Web Interface
UVC products.
This vulnerability is documented in Cisco bug ID CSCti54008 and has been
assigned CVE ID CVE-2010-3038.
Remote Command Injection on the Web Interface in Cisco UVC Products
+------------------------------------------------------------------
Several fields in the web server interface of Cisco UVC products are
vulnerable to a shell command injection vulnerability. An
administrator user who is authenticated to the web interface of Cisco
#
# Product: Snom VoIP/SIP Phones (Snom300, Snom320, Snom360,
# Snom370, Snom820)
# Vendor: snom technology AG
# CVD ID: CVE-2009-1048
# Subject: Authentication Bypass of Snom Phone Web Interface
# Risk: High
# Effect: Remote
# Author: Walter Sprenger
# Date: August 13, 2009
#
Advisory # 1:
TITLE
OS Command Injection Vulnerability in Aruba Remote Access Point
Diagnostic Web Interface.
SUMMARY
An OS command injection vulnerability has been discovered in the Aruba
Remote Access Point's Diagnostic Web Interface. When running the
- - Services misconfiguration
There is an FTP daemon (vsftpd) running but no mention in the documentation
of what it might be useful for. User credentials created from the
web-interface allow exploring the filesystem/firmware of the device.
The file /etc/shadow has read permissions for all.
The ssh daemon (openssh) has a non-default but curious configuration. It
allows port-forwarding and socks proxies to be created, X11 to be
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-009
------------------link to original advisory --------------------------
http://www.dsecrg.com/pages/vul/show.php?id=82
Application: APC PowerChute Network Shutdown's Web Interface
Vendor URL: http://www.apc.com/
Bug: XSS/Response Splitting
Exploits: YES
Reported: 20.10.2008
Vendor Response: 20.10.2008
=======
Cisco Small Business (SRP 500) Series Services Ready Platforms
contain the following three vulnerabilities:
* Cisco SRP 500 Series Web Interface Command Injection
Vulnerability
* Cisco SRP 500 Series Unauthenticated Configuration Upload
Vulnerability
* Cisco SRP 500 Series Directory Traversal Vulnerability
Advisory: Alcatel-Lucent OmniPCX Remote Command Execution
RedTeam Pentesting discovered a remote command execution in the
Alcatel-Lucent OmniPCX during a penetration test. The masterCGI script
of the OmniPCX integrated communication solution web interface is
vulnerable to a remote command execution. Attackers can run arbitrary
commands with the permissions of the web application user.
Details
AXIS 70U Network Document Server - Privilege Escalation and XSS
http://dsecrg.com/pages/vul/show.php?id=60
Application: AXIS 70U Network Document Server (Web Interface)
Versions Affected: 3.0
Vendor URL: http://www.axis.com/
Bug: Local File Include and Privilege Escalation, Multiple Linked XSS
Exploits: YES
Reported: 20.10.2008
#1 Access from the Internet to device enabled by default
Anyone is able to automatically detect devices, which are online and
conduct the attack. It's simplified even more as the operator IP address
space is reserved for the services using this device.
#2 No HTTPS support for the web interface
Communication to the web interface can be sniffed by the attacker.
#3 System doesn't force administrator to change default password upon
first login
Many administrators leave it unchanged.
Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web
Interface
The ZyXEL ZyWALL USG appliances perform parts of the authorization for
their management web interface on the client side using JavaScript. By
setting the JavaScript variable "isAdmin" to "true", a user with limited
access gets full access to the web interface.
Details
--Tuesday, June 16, 2009, 2:11:27 AM, you wrote to m.elyazghi@gmail.com:
TN> Hi.
TN> I see where you're going but I think you're missing the point a little. By
TN> *default* the web interface is enabled on the LAN and accessible by anyone
TN> on that LAN and the "remote management" interface (for the Internet) is
TN> turned off. If the "remote management" interface was enabled, stopping ICMP
TN> echo responses would not resolve this issue at all, turning the interface
TN> off would do though (or restricting by IP, ...ack). The "remote management"
TN> (love those quotes...) interface speaks over HTTP hence TCP so no amount of
Tested against: Citrix XenDesktop, XenServer, Receiver 5.6 SP2 (possibly other versions as well)
By default, the authentication between the Citrix Receiver client and the Web Interface is not configured to use SSL. If a company elects not to use SSL for this, the XML transaction between the Receiver client and the Web Interface server to enum.aspx and launch.aspx contains the username and encoded password of the user. If an attacker can sniff this authentication traffic, they can use the encoded password to perform a "pass-the-hash" type attack to log in as the user via Citrix Receiver and gain access to the user's Virtual Desktop(s).
POST /Citrix/XDPNAgent/enum.aspx HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: C:\PROGRA~1\Citrix\ICACLI~1\PNAMain.exe
Host: xxx.xxx.xxx.xxx
Content-Length: 705
Connection: Keep-Alive
manage web applications and infrastructure. It auto-discovers system
resources (including hardware, operating systems and databases), and
is able to monitor hosts and services.
Multiple cross-site scripting vulnerabilities (both stored and
reflected) have been found in the web interface of Hyperic HQ, which
can be exploited by an attacker to execute arbitrary JavaScript code
in the context of the browser of a legitimate logged in user.
4. *Vulnerable packages*
Discovered: 18 November, 2006
Disclosed: 15 June, 2009
I. DESCRIPTION
The Netgear DG632 router has a web interface which runs on port 80. This
allows an admin to login and administer the device's settings. However,
a Denial of Service (DoS) vulnerability exists that causes the web interface
to crash and stop responding to further requests.
II. DETAILS
Performance Manager. A cross-site scripting vulnerability exists that
can allow a remote attacker to potentially gain sensitive
information. CA has provided guidance to remediate the vulnerability.
The vulnerability, CVE-2010-0640, is due to insufficient validation
of certain characters in web interface requests. An attacker, who
can have an unsuspecting user follow a malicious URL, can conduct
cross-site scripting attacks.
Risk Rating
Hi.
I see where you're going but I think you're missing the point a little. By
*default* the web interface is enabled on the LAN and accessible by anyone
on that LAN and the "remote management" interface (for the Internet) is
turned off. If the "remote management" interface was enabled, stopping ICMP
echo responses would not resolve this issue at all, turning the interface
off would do though (or restricting by IP, ...ack). The "remote management"
(love those quotes...) interface speaks over HTTP hence TCP so no amount of
dropping ICMP goodness will help with this. Anyhow, I am happy to discuss
Voxlog professional suffers from multiple critical vulnerabilities. The
flaws have been confirmed at two independent installations. As only a
very short test has been performed, many more flaws are to be expected:
1) Unauthenticated file disclosure vulnerability
The "get.php" functionality of the web interface of voxlog professional
allows an attacker to read arbitrary files from the operating system,
such as config files or other sensitive voxlog files and voice
recordings.
A valid web interface user account is _not_ necessary to exploit this
On 2009-02-26 Vladimir '3APA3A' Dubrovin wrote:
> --Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq@securityfocus.com:
> DSRG> Application: APC PowerChute Network Shutdown's Web Interface
> DSRG> Vendor URL: http://www.apc.com/
> DSRG> Bug: XSS/Response Splitting
>
> DSRG> Solution: Use Firewall
>
> Just wonder: how can a firewall protect against XSS/response splitting?
http://www.videolan.org
Versions: <= 0.8.6d
Platforms: Windows, Mac, *BSD, *nix and more
Bugs: A] buffer-overflow in the handling of the subtitles
(originally found by Michal Luczaj)
B] format string in the web interface
Exploitation: A] local
B] remote
Date: 24 Dec 2007
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Two vulnerabilities in the web interface plugin in KTorrent allow for
remote execution of code and arbitrary torrent uploads.
Background
==========
I believe there could also be a remote user enumeration using this
service - when attempting to log into the web interface using a
non-valid username / any password you get "Error: bad credentials" but
when attempting to log with a valid username / invalid password you seem
to get:
"Error: bad credentials
Error Information
Error Code Description
> --Thursday, February 26, 2009, 7:40:50 PM, you wrote to bugtraq@securityfocus.com:
DSRG>> Application: APC PowerChute Network Shutdown's Web Interface
DSRG>> Vendor URL: http://www.apc.com/
DSRG>> Bug: XSS/Response Splitting
DSRG>> Solution: Use Firewall
To determine which version of the Cisco VPN Client is running on a
Microsoft Windows machine, follow these steps:
1. Select "Programs->Cisco Systems VPN Client->VPN Client" from the Start
menu. This action will open the Cisco VPN Client graphical user
interface.
2. Select the option "About VPN Client..." from the "Help" menu. This
menu option will display a dialog box that contains text similar to
"Cisco Systems VPN Client Version 4.8.01.0300."
Note: By default, the "Cisco Systems VPN Client" folder is located in the
Discovered: 8 July, 2010
Disclosed: 4 August, 2010
I. DESCRIPTION
The Cisco Wireless Control System (WCS) is a web interface that allows centralised management
and reporting within a Cisco wireless infrastructure.
II. DETAILS
A Cross-site Scripting (XSS) vulnerability exists within the search function on the
Buffer Overflow Vulnerability
3. CA eTrust ITM r8.1 Web Console Script Redirection
Vulnerability
4. VMware Virtual Disk Mount Service Local Denial of
Service Vulnerability
5. CA eTrust ITM r8.1 iTechnology SPIN Web Interface
Sensitive Information Disclosure Vulnerability
Description
***********
OpenBSD BGPD daemon Web Interface has XSS vulnerability
History
********
ACK! You can find users who can log in to the web interface with this trick.
On 03.03.2010 09:14, Veal, Richard wrote:
>
> I believe there could also be a remote user enumeration using this
> service - when attempting to log into the web interface using a
> non-valid username / any password you get "Error: bad credentials" but
> when attempting to log with a valid username / invalid password you seem
> to get:
Severity: Medium (Script injection)
Description:
There is a Cross-site Scripting vulnerability on Juniper, IVE web interface.
Procheckup has found by making a malformed request to the IVE Web
interface without authentication, that a vanilla cross site scripting
(XSS) attack is possible.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability in the MLDonkey web interface allows remote attackers
to disclose arbitrary files.
Background
==========
o PROBLEM DETAILS
The Juniper Secure Access (SA) web interface allows users to manage the
bookmarks on their landing page. This bookmark management functionality
does not filter user input properly and can allow cross site scripting
attacks.
Upon modification or creation of a bookmark, the editbk.cgi script is