Trustwave's SpiderLabs

41 exploits Active since Jun 2009
CVE-2013-5745 EXPLOITDB text WORKING POC
GNOME Vino < 3.7.3 - Denial of Service via Authentication Error Handling
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
CVE-2013-0397 EXPLOITDB text WRITEUP
Oracle Applications Framework - Info Disclosure
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.
CVE-2010-4232 EXPLOITDB text WRITEUP
Camtron CMNC-200 Firmware 1.102A-008 - Unauthenticated Authentication Bypass via Double Slash URI
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.
CVE-2010-4233 EXPLOITDB text WRITEUP
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Default Credentials Exposure via TELNET
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
CVE-2017-5521 EXPLOITDB HIGH python WORKING POC
NETGEAR R8500-R8000 - Info Disclosure
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.
CVSS 8.1
CVE-2013-4865 EXPLOITDB MEDIUM text WORKING POC
MiCasaVerde VeraLite <1.5.408 - CSRF
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
CVSS 6.5
CVE-2013-4859 EXPLOITDB HIGH text WRITEUP
INSTEON Hub 2242-222 - No Auth Required
INSTEON Hub 2242-222 lacks Web and API authentication
CVSS 8.1
CVE-2013-7248 EXPLOITDB text WRITEUP
Franklin Fueling Systems TS-550 evo <2.4.0 - Privilege Escalation
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
CVE-2010-4507 EXPLOITDB text WRITEUP
iSpot and ClearSpot Firmware 2.0.0.0 - Cross-Site Request Forgery via Multiple CGI Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
CVE-2010-4231 EXPLOITDB text WRITEUP
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Path Traversal via URI
Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2010-2860 EXPLOITDB text WRITEUP
EMC Celerra Network Attached Storage - Unauthenticated Arbitrary File Access via NFS Requests
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests.
CVE-2011-0887 EXPLOITDB text WORKING POC
SMC SMCD3G-CCR - Session Hijacking via Predictable Session ID
The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.
CVE-2009-1201 EXPLOITDB html WORKING POC
Cisco Adaptive Security Appliance - Cross-Site Scripting via CSCO_WebVPN Process Function
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
CVE-2013-4868 EXPLOITDB MEDIUM text WRITEUP
Karotz API <12.07.19.00 - Info Disclosure
Karotz API 12.07.19.00: Session Token Information Disclosure
CVSS 5.3
CVE-2010-4234 EXPLOITDB text WORKING POC
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Denial of Service via Rapid Request Flood
The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval.
CVE-2010-4230 EXPLOITDB text WORKING POC
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Stack-Based Buffer Overflow via ActiveX Connect Method
Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.