Henri Lindberg

9 exploits Active since Aug 2007
CVE-2008-6823 EXPLOITDB text WORKING POC
A-LINK WL54AP2 and WL54AP3 < 1.4.1 - Cross-Site Request Forgery via Management Interface
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
CVE-2009-1288 EXPLOITDB text WRITEUP
IBM Advanced Management Module - Cross-Site Scripting via Username or File Manager PATH Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
CVE-2009-1288 EXPLOITDB text WRITEUP
IBM Advanced Management Module - Cross-Site Scripting via Username or File Manager PATH Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.
CVE-2009-1290 EXPLOITDB html WORKING POC
IBM Advanced Management Module - Cross-Site Request Forgery via Private Blade Power Action Script
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script.
CVE-2007-4318 EXPLOITDB html WORKING POC
ZyNOS 3.62(WK.6) - Authenticated Stored Cross-Site Scripting via sysSystemName Parameter
Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.
EIP-2026-101113 EXPLOITDB python WORKING POC
Xerox WorkCentre (Multiple Models) - Denial of Service
EIP-2026-101421 EXPLOITDB text WRITEUP
Rittal CMC-TC Processing Unit II - Multiple Vulnerabilities
CVE-2008-1208 EXPLOITDB html WORKING POC
Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x - XSS
Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2008-6824 EXPLOITDB text WORKING POC
A-LINK WL54AP2 and WL54AP3 - Unauthenticated Admin Access via Blank Default Password
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.