| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jun 2010 19:05:11 -0300 From: Ewerson GuimarĂ£es (Crash) - Dclabs <crash@...abs.com.br> To: bugtraq@...urityfocus.com Subject: Dlink Di-604 router authenticated user ping tool Xss and DoS [DCA-0001] [Dlink Di-604 router authenticated user ping tool Xss and DoS] [vendor product description] The DI-604 combines the latest advancements in chip technology, low-cost design and manufacturing with new, feature-rich firewall and network management controls to give you quite possibly the most advanced, yet affordable Ethernet router to date. [Bug Description] 'Ping tools' web interface does not validate the ip textfield size leading to a Denial Of Service flaw by changing its size and sending more than 500 characters to it. This textfield is also prone to Cross Site Scripting. An authenticated user is required to exploit these security flaws. [History] Adv sent to vendor 05/25/2010 No vendor response Published 06/08/2010 [Impact] Low [Afected Version] All firmware [Vendor Reply] ------------------------------------------------------------------------------------------------ [Codes] No codes are needed -------------------------------------------- DcLabs - Sponsor: Crash crash@...abs.com.br [Greetz] Ipax - Alequimico - Gr1nch - Raphx88 ------------------------------------
Powered by blists - more mailing lists