VARIoT IoT vulnerabilities database

VAR-200211-0010 CVE-2002-1236 Linksys BEFSR41 EtherFast Cable / DSL Router Remote Denial of Service Attack Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. The Linksys EtherFast Cable/DSL router is a small four-port router designed to optimize the use of DSL or cable connections. The BEFSR41 contains a web interface used to manage the configuration, which includes the Gozila.cgi script; if Gozila.cgi is requested without any parameters, the BEFSR41 crashes and stops responding to normal requests. Linksys BEFSR41 is vulnerable to a denial of service condition. The denial of service condition will be triggered when the device receives a request for the script file 'Gozila.cgi' without any parameters.
VAR-200211-0013 CVE-2002-1242 PHP-Nuke SQL Insert modify any user information vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php. A SQL injection vulnerability has been reported for PHP-Nuke 5.6. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in some scripts. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script. By injecting SQL code into variables, it may be possible for an attacker to corrupt database information. PHP-Nuke is a website creation and management tool that can use many database systems as the backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. An attacker can bypass the reference by inserting \'\'\\'\' in the "bio" field, resulting in SQL injection. The following operations can modify the password of any PHP-NUKE user to "1"
VAR-200303-0048 CVE-2002-1553 Cisco ONS15454/ONS15327 Optical fiber transmission platform is not authorized FTP Access vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. It is possible for attackers to authenticate to FTP services on TCC, TCC+ and XTC control cards using a non-existent username/password. Unauthorized FTP access will enable an attacker to upload modified configuration files or delete software images. To exploit this issue, the attacker must be able to access the FTP services on TCC, TCC+ and XTC control cards. Cisco ONS15454 and Cisco ONS15327 are fiber optic network platforms developed by Cisco. There is a flaw in the FTP service implementation of Cisco ONS15454 and Cisco ONS15327 devices. The Cisco bug ID of this vulnerability is CSCds52295 (http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml).
VAR-200303-0049 CVE-2002-1554 Cisco ONS15454/ONS15327 Optical fiber transmission platform plaintext verification information vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. An attacker with access to the backup of the running image database may trivially retrieve these credentials. Cisco ONS15454 and Cisco ONS15327 are fiber optic network platforms developed by Cisco. Cisco ONS15454 and Cisco ONS15327 devices store user names and passwords in clear text in the backup database. Remote attackers can use this vulnerability to obtain relevant user authentication information, such as administrator passwords, and use this information to access and fully control the Cisco ONS system platform. The Cisco bug ID of this vulnerability is CSCdt84146 (http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml).
VAR-200211-0070 CVE-2002-0869 Microsoft IIS Privilege acquisition vulnerability in different application processes CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." In Microsoft IIS, when an application runs as part of a different process from the web server, a design flaw allows code that should execute with the rights of the web application manager to execute with System privileges. Arbitrary code may be executed with System authority. A vulnerability has been reported for Microsoft IIS that may allow an attacker to obtain elevated privileges. This vulnerability can be exploited by an attacker to load and execute applications on the vulnerable server with SYSTEM level privileges. This vulnerability can be exploited when IIS is configured to run applications out of process by modifying the memory space of the dllhost.exe process. This vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID.
VAR-200212-0704 CVE-2002-2380 Arescom NetDSL-800 There is an undisclosed account vulnerability in the firmware CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. A weakness has been discovered in NetDSL-800 router firmware. It has been reported that NetDSL-800 firmware, configured by certain Internet Service Providers (ISPs), contains undocumented users. It is possible to obtain a target device's undocumented username and password using a network sniffer and the Arescom NetDSL Remote Manager. Access via undocumented accounts may allow attackers to corrupt configuration settings or cause a denial of service. It should be noted that not all firmware configurations may contain undocumented users. Firmware configured by the MSN ISP has been reported vulnerable. It should also be noted that it has not yet been confirmed whether unique usernames and passwords are generated for each device. Arescom NetDSL-800 is a pluggable, easy-to-use ADSL modem. There are undisclosed accounts in the NetDSL-800 firmware provided by some ISPs. There are undisclosed usernames and passwords in the NetDSL-800 firmware preset by MSN ISP, which can be used to change settings or conduct denial of service attacks.
VAR-200212-0063 CVE-2002-2181 SonicWall Content filtering software URL Filtering can bypass the vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name. SonicWall Content Filtering software is designed for use with SonicWall Appliances. It has been reported that the SonicWall Content Filtering software does not sufficiently check addresses when requests are made. Because of this, it would be possible for a user behind the system to reach a restricted-access site by requesting the site on the basis of IP addresses. A remote attacker could exploit this vulnerability to bypass content inspection and access otherwise restricted sites
VAR-200210-0053 CVE-2002-1190 Cisco Unity Use the recognized default user account vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. Unity Server is prone to a remote security vulnerability
VAR-200212-0697 CVE-2002-2373 Apple 12/640 PS LaserWriter TCP/IP Configuration Tool Telnet Service default passwordless vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access. The 12/640 PS LaserWriter is a PostScript-capable printer distributed by Apple. When the tool is used to configure a printer, the device does not require the setting of a telnet server password. This may allow unauthorized remote access to the device. TCP/IP Print Configuration Tool is security and management software for the Apple LaserWriter 12/640 PS printer.
VAR-200212-0695 CVE-2002-2371 Linksys WET11 Remote Denial of Service Attack Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. It has been reported that the WET11 device is prone to a denial of service condition when receiving specially crafted packets. The device will crash when it receives packets that have the same MAC address as the device itself. Linksys WET11 is an Ethernet to 802.11b bridge that can bridge a single host or an entire network
VAR-200210-0315 No CVE D-Link DSL-500 has a default telnet password vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The DSL-500 is an ADSL broadband router developed by D-Link. The DSL-500 includes a default telnet password that can be used by remote attackers to access control devices. The DSL-500 includes a default telnet password of 'private', which allows an attacker to gain unauthorized access to the device for a denial of service attack or other malicious activity. This could result in unauthorized access, denial of service, or other problems
VAR-200212-0510 CVE-2002-1810 D-Link DWL-900AP + TFTP Server Arbitrary File Acquisition Vulnerability CVSS V2: 7.5
CVSS V3: 7.5
Severity: HIGH
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. The DWL-900AP+ is a WiFi / 802.11b wireless access point developed by D-Link. It contains an undisclosed TFTP service program. The exposed data includes the WEP encryption key and network configuration data (address, SSID, etc.). This data exists in clear text, and with it an attacker may be able to control the entire device. In addition, other configuration files can be obtained by requesting them from the TFTP server: eeprom.dat, mac.dat, wtune.dat, rom.img and normal.img. This could lead to the disclosure of sensitive information.
VAR-200902-0682 CVE-2002-2428 GoAhead WebServer 'webs.c' Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. The request contains a Content-Length header but no body data
VAR-200902-0683 CVE-2002-2429 GoAhead WebServer 'webs.c' Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. The request contained a negative integer value in the Content-Length header
VAR-200902-0684 CVE-2002-2430 GoAhead WebServer Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software
VAR-200902-0685 CVE-2002-2431 GoAhead WebServer 'socketInputBuffered function ' Unknown vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. It has to do with incorrect use of the socketInputBuffered function
VAR-200902-0686 CVE-2003-1568 GoAhead WebServer 'websSafeUrl function ' Denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software. The vulnerability is related to the websSafeUrl function
VAR-200902-0687 CVE-2003-1569 GoAhead WebServer Construct http Request denial of service vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable
VAR-200211-0071 CVE-2002-0666 Multiple IPsec implementations do not adequately validate authentication data CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. In IBM AIX, the esp4_input() function of IPSec does not properly check the integrity of authentication data, which may lead to a kernel panic condition. A vulnerability in several implementations of IPSec related to handling of malformed ESP packets has been reported. On several systems, the conditions may be exploited to cause kernel panics. IPSEC is a set of IP security extensions that provide verification and encryption functions. It includes two types of packets, ESP and AH, represented by IP protocols 50 and 51 respectively. Several IPSec implementations have a vulnerability. Remote attackers can exploit this vulnerability to conduct denial of service attacks.
VAR-200902-0681 CVE-2002-2427 GoAhead Web Server discloses source code of ASP files via crafted URL CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. This issue is also referenced in VU#124059. GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU#975041. As a result, files containing usernames and passwords may be viewed. GoAhead WebServer is prone to an authentication-bypass vulnerability and multiple denial-of-service vulnerabilities. A remote attacker may exploit these issues to gain access to protected documents or to create a denial-of-service condition. Versions prior to GoAhead WebServer 2.1.6 are vulnerable. GoAhead WebServer is a WEB publishing service system software