An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. Date published : 2017-01-30 http://www.securityfocus.com/bid/95796 https://support.citrix.com/article/CTX220112
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. Date published : 2017-01-30 http://www.securityfocus.com/bid/95801 https://support.citrix.com/article/CTX220112
An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. Date published : 2017-01-29 http://www.securityfocus.com/bid/95877 https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd)...
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with...