| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Jan 2011 09:11:08 -0200 From: Ewerson GuimarĂ£es (Crash) - Dclabs <crash@...abs.com.br> To: bugtraq@...urityfocus.com Subject: [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss [DCA-00017] LinkSys BEFSR41 Multiple Stored Xss [Software/Hardware] - LinkSys DSL Router BEFSR41 V2 [Vendor Product Description] - This Router will allow your computers to share a high-speed Internet connection as well as resources, including files and printers. [Bug Description] - Linksys does not validate the input size leading to stored Xss bug. - Host name,User Name(PPPoE and PPTP),Customized Applications and other fields are vulnerable. [History] - Advisory sent to vendor on 01/03/2011. - Vendor reply 01/03/2011 - Published 01/04/2011 [Impact] - Low [Affected Version] - LinkSys DSL Router BEFSR41 V2 - Firmware: 1.30 1.33.1 1.34 1.35 1.36 1.36T4(beta) 1.37 1.37.1(j) 1.38.5 1.39 1.40.1 1.40.2 1.42.3 1.42.6 1.42.7 1.43 1.43.3 1.44 1.44.2 1.46.2 [Vendor Reply] - According to the vendor, this hardware is deprecated [Codes] Example in Customized Applications fields: '><h1>B</h1> ---------------------------------------------------------------------------------------- [Credits] DcLabs Security Group Sponsor: Crash crash@...abs.com.br -- Ewerson Guimaraes (Crash) Pentester/Researcher DcLabs Security Team www.dclabs.com.br
Powered by blists - more mailing lists