76 items tagged "web interface"
-
-
14:10
»
Hack a Day
For the lucky few who have a Raspberry Pi board in their hands, you can now use the GPIO pins as a web interface (German, Google translation). [Chris] is turning a small device that can play 1080p video into something that can blink LEDs via the web. The build started with [...]
-
-
12:22
»
Packet Storm Security Exploits
The Cyberoam UTM exposes a web interface through a Jetty web server and this interface allows authenticated users to perform network diagnostic actions such as ping, traceroute, name lookup and so on. These actions are accessible to authenticated users, and are vulnerable to command injection attacks.
-
-
18:41
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.
-
-
13:22
»
Carnal0wnage
Need to check a few specific Nessus plugins against a host?
$ sudo ./nessuscmd 192.168.1.92 -p80,443 -v -V -i 38157,10107
Starting nessuscmd 4.4.0
Scanning '192.168.1.92'...
Host 192.168.1.92 is up
Discovered open port http (80/tcp) on 192.168.1.92
[i] Plugin 10107 reported a result on port http (80/tcp) of 192.168.1.92
[i] Plugin 38157 reported a result on port http (80/tcp) of 192.168.1.92
+ Results found on 192.168.1.92
+ - Port http (80/tcp) is open
[i] Plugin ID 38157
Synopsis : The remote web server contains a document sharing software
Description : The remote web server is running SharePoint, a web interface for document management. As this interface is likely to contain sensitive information, make sure only authorized personel can log into this site
See also : http://www.microsoft.com/Sharepoint/default.mspx
Solution : Make sure the proper access controls are put in place
Risk factor : None
Plugin output : The following instance of SharePoint was detected on the remote host :
Version : 12.0.0.6327
URL : http://192.168.1.92/
Looks like the functionality has been there for a while:
http://blog.tenablesecurity.com/2007/07/nessus-32-beta-.html
-
-
17:59
»
SecuriTeam
Several web interface vulnerabilities have been discovered in Cisco RVS4000/WRVS4400N that can be exploited by a remote, unauthenticated user.
-
-
12:01
»
Hack a Day
[Sergio] is just getting into hardware hacking. He started by getting an HD44780 compatible LCD screen running with his Arduino. To take the project to the next level, he decided to add a web interface for changing the message displayed on the LCD. He’s doing things on the cheap (a man after our own hearts), [...]
-
-
5:07
»
Hack a Day
[Shawn] emailed us some pictures and a description of his latest hack. He cracked open a Rosewill RXS-3211 IP Camera because the output of the web interface made him certain that it was running Linux and he wanted to unlock some more potential from the device. These cameras are used for security, and offer a browser-based [...]
-
-
18:48
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
-
-
19:14
»
Packet Storm Security Recent Files
SniffJoke is middleware software for Linux that is managed by a web interface and enables connection scrambling technology, also known as sniffer evasion techniques.
-
8:58
»
Packet Storm Security Exploits
ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited access gets full access to the web interface.
-
-
20:51
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.
-
-
14:42
»
Hack a Day
[Norm Santos] whipped up an LED light board that you can draw on through their web interface. We tried it out but unfortunately the live feed is currently offline. That doesn’t diminish our appreciation for the time-lapse build video after the break. Indeed it was a mountain of hot glueing and a couple of days of soldering. [...]
-
-
19:02
»
Packet Storm Security Exploits
Procheckup has found that, by making a malformed request to the Juniper IVE web interface without authentication, a vanilla cross-site scripting (XSS) attack is possible.
-
-
12:30
»
Hack a Day
Those crazy programmers over at the Willow Garage are at it again. This time around they’ve created a robotic wench to deliver the beer. When thirst strikes you can fire up a web interface and drag a picture of your beer into a shopping basket. Once you submit your order the bot will raid the [...]
-
-
3:01
»
Packet Storm Security Recent Files
There are multiple authenticated cross-site scripting vulnerabilities in Juniper's IVE web interface. Procheckup has found that, by making a malformed authenticated request to the IVE web interface, vanilla cross-site scripting (XSS) attacks are possible.
-
-
10:00
»
Hack a Day
Within a ten-hour window [Wes Brown] threw together this toaster with a web interface for one of his classes. He sourced the WIZnet embedded webserver for the project but this could be pulled off with a homebrew webserver as well. When you point your browser to the correct address you’re greeted with images of bread [...]
-
-
21:13
»
SecuriTeam
A backdoor vulnerability and a bug related to authentication were found in Xerox WorkCentre Printers Web Interface.