[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection

Posted on Mon 15 July 2013 in Advisory • Tagged with vulnerability, advisory, CVE-2013-2612, huawei

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
________________________________________________________________________
Summary:
Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command
injection vulnerability in the Web UI.

Successful exploitation allows unauthenticated attackers to execute
arbitrary commands with root privileges.
________________________________________________________________________
Details …


[CVE-2013-2560] Foscam <= 11.37.2.48 path traversal vulnerability

Posted on Sun 17 March 2013 in Advisory • Tagged with vulnerability, advisory, foscam

Summary

Foscam firmware <= 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface.

An unauthenticated attacker can access the entire filesystem and steal web & wifi credentials.

Details

GET //../proc/kcore HTTP/1.0

CVSS Version 2 Metrics

  • Access Vector: Network exploitable
  • Access Complexity …


[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping

Posted on Sun 17 March 2013 in Advisory • Tagged with vulnerability, advisory, lemonldap

Summary

LemonLDAP-NG <= 1.2.2 is prone to a security vulnerability involving XML signature wrapping in the authentication process.

Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content.

This may lead to authentication bypass.

Details

Due to a bad use …

