PHP Self Cross Site Scripting in MantisBT 1.2.x
MantisBT installations 1.2.x up to 1.2.7 are vulnerable to Cross Site Scripting attacks due to lack of sanitization of the variable $_SERVER["PHP_SELF"].
Posted on Sep 13, 2011
Anti-CSRF Filter Bypass SMF 2.0 / 1.1.14
The [img] BBCode tag anti-CSRF filter can be bypassed due to incorrect parsing of the 'action' variable. Because of this, it is possible to execute CSRF successfully.
Posted on Aug 23, 2011
Huawei EchoLife HG520 RemoteManagement CSRF
Huawei EchoLife HG520 modems do not require authentication to access certain pages such as '/Forms/access_cwmp_1', '/Forms/rpQos_1' and '/Forms/rpRManage_1'. A CSRF exploit can be used to enable remote administration interfaces on the WAN.
Posted on Jun 08, 2010
Huawei EchoLife HG520c Information Disclosure
Huawei EchoLife HG520 modems are vulnerable to an information disclosure vulnerability. Sensitive modem information can be accessed using a public URL in modems with the web interface activated.
Posted on May 16, 2010
Huawei EchoLife HG520 Remote Information Disclosure
Huawei EchoLife HG520 modems are vulnerable to a remote information disclosure vulnerability. This vulnerability can be exploited by sending a specially crafted UDP packet that causes the modems to return sensitive information in clear text form.
Posted on May 13, 2010


Our public security advisories