-
Telus Actiontec WEB6000Q Denial Of Service
CGI Files ≈ Packet Storm Jun 12, 2019 | 20:44 pmTelus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from a denial of service vulnerability. By querying CGI endpoints with empty (GET/POST/HEAD) requests causes a Segmentation Fault of the uhttpd webserver. Since there is no watchdog on this daemon, a device reboot[…]
Read more... -
RICOH SP 4520DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 20:22 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
Read more... -
RICOH SP 4510DN Printer HTML Injection
CGI Files ≈ Packet Storm May 9, 2019 | 16:55 pmAn HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
Read more... -
Sierra Wireless AirLink ES450 ACEManager template_load.cgi Information Disclosure
CGI Files ≈ Packet Storm Apr 27, 2019 | 19:20 pmAn exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment
CGI Files ≈ Packet Storm Apr 27, 2019 | 01:55 amAn exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
CGI Files ≈ Packet Storm Apr 27, 2019 | 01:44 amAn exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to,[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager ping_result.cgi Cross Site Scripting
CGI Files ≈ Packet Storm Apr 26, 2019 | 23:01 pmAn exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
CGI Files ≈ Packet Storm Apr 26, 2019 | 23:01 pmAn exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change
CGI Files ≈ Packet Storm Apr 26, 2019 | 22:32 pmAn exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password[…]
Read more... -
Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection
CGI Files ≈ Packet Storm Apr 26, 2019 | 21:32 pmAn exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request[…]
Read more...
snaplitics made a real revolution in the industry.
