lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <AANLkTilIFusLSLgnL_j40ghujHRUsgILmnxytSg8owck@mail.gmail.com>
Date: Tue, 8 Jun 2010 19:05:11 -0300
From: Ewerson GuimarĂ£es (Crash) - Dclabs <crash@...abs.com.br>
To: bugtraq@...urityfocus.com
Subject: Dlink Di-604 router authenticated user ping tool Xss and DoS

[DCA-0001]
[Dlink Di-604 router authenticated user ping tool Xss and DoS]

[vendor product description]
The DI-604 combines the latest advancements in chip technology,
low-cost design and manufacturing with new, feature-rich firewall and
network management controls to give you quite possibly the most
advanced, yet affordable Ethernet router to date.


[Bug Description]
'Ping tools' web interface does not validate the ip textfield size
leading to a Denial Of Service flaw by changing its size and sending
more than 500 characters to it. This textfield is also prone to Cross
Site Scripting. An authenticated user is required to exploit these
security flaws.


[History]
Adv sent to vendor 05/25/2010
No vendor response
Published 06/08/2010


[Impact]
Low

[Afected Version]
All firmware

[Vendor Reply]


------------------------------------------------------------------------------------------------

[Codes]
No codes are needed



--------------------------------------------
DcLabs - Sponsor: Crash
crash@...abs.com.br

[Greetz]
Ipax - Alequimico - Gr1nch - Raphx88
------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ