CVE-2009-0392 – Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0392
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter. Una vulnerabilidad de salto de directorio en sysconf.cgi en los drivers del módem Motorola Wimax CPEi300 permite a los usuarios remotos autenticados leer archivos arbitrarios a través de un .. (punto punto) en el parámetro page. • https://www.exploit-db.com/exploits/7915 http://www.securityfocus.com/archive/1/500545/100/0/threaded http://www.securityfocus.com/bid/33519 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-0393 – Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0393
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en sysconf.cgi en los driver del módem Motorola CPEi300 Wimax permite a los usuarios remotos autenticados inyectar HTML o scripts web arbitrarios a través del parámetro page. • https://www.exploit-db.com/exploits/7915 http://www.securityfocus.com/archive/1/500545/100/0/threaded http://www.securityfocus.com/bid/33519 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •