Luca

3 exploits Active since Sep 2007
CVE-2017-5473 WRITEUP HIGH WRITEUP
ntopng < 2.4 - Cross-Site Request Forgery via User Management Endpoints
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
CVSS 8.8
CVE-2017-5473 WRITEUP HIGH WRITEUP
ntopng < 2.4 - Cross-Site Request Forgery via User Management Endpoints
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
CVSS 8.8
CVE-2007-4915 METASPLOIT ruby WORKING POC
Boa Webserver 0.93.15 - Remote Admin Password Change via Long Username in HTTP Basic Authentication
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.