Ivano Binetti

29 exploits, active since Feb 2012
CVE-2013-5730 EXPLOITDB text WORKING POC
D-Link DSL-2740B Firmware EU_1.00 - Cross-Site Request Forgery via Wireless MAC Filter, Firewall, or Remote Management
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
CVE-2012-1308 EXPLOITDB text WORKING POC
D-Link DSL-2640B Firmware EU_4.00 - Cross-Site Request Forgery via sysPassword Parameter
Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Link DSL-2640B Firmware EU_4.00 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
CVE-2012-1309 EXPLOITDB text WRITEUP
D-Link DSL-2640B ADSL Router - Authentication Bypass
CVE-2012-1922 EXPLOITDB text WORKING POC
Sitecom WLM-2501 - Cross-Site Request Forgery in Multiple Admin Forms
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.