CVE-2010-2307 – Motorola Surfboard Cable Modem - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-2307
Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. Múltiples vulnerabilidades de salto de directorio en en el servidor web del cable modem Motorola SURFBoard SBV6120E que tiene el firmware SBV6X2X-1.0.0.5-SCM-02-SHPC, permite a atacantes remotos leer archivos de su elección a través de secuencias (1) "//" (múltiples slash), (2) ../ (punto punto) y secuencias codificadas en una petición URL. • https://www.exploit-db.com/exploits/12865 http://secunia.com/advisories/40054 http://www.exploit-db.com/exploits/12865 http://www.osvdb.org/65249 http://www.securityfocus.com/bid/40550 https://exchange.xforce.ibmcloud.com/vulnerabilities/59113 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-1394 – Timbuktu 8.6.6 - PlughNTCommand Named Pipe Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-1394
Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe. Desbordamiento de búfer basado en pila en Motorola Timbuktu Pro 8.6.5 en Windows permite a atacantes remotos ejecutar código de su elección enviando un cadena malformada de gran tamaño sobre la tubería (pipe) PlughNTCommand. • https://www.exploit-db.com/exploits/16370 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=809 http://secunia.com/advisories/35533 http://www.netopia.com/software/products/tb2 http://www.securityfocus.com/archive/1/504554/100/0/threaded http://www.securityfocus.com/bid/35496 http://www.securitytracker.com/id?1022455 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0392 – Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0392
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter. Una vulnerabilidad de salto de directorio en sysconf.cgi en los drivers del módem Motorola Wimax CPEi300 permite a los usuarios remotos autenticados leer archivos arbitrarios a través de un .. (punto punto) en el parámetro page. • https://www.exploit-db.com/exploits/7915 http://www.securityfocus.com/archive/1/500545/100/0/threaded http://www.securityfocus.com/bid/33519 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-0393 – Motorola Wimax modem CPEi300 - File Disclosure / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0393
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en sysconf.cgi en los driver del módem Motorola CPEi300 Wimax permite a los usuarios remotos autenticados inyectar HTML o scripts web arbitrarios a través del parámetro page. • https://www.exploit-db.com/exploits/7915 http://www.securityfocus.com/archive/1/500545/100/0/threaded http://www.securityfocus.com/bid/33519 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-2548 – Motorola RAZR JPG Processing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-2548
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption. Desbordamiento de búfer basado en pila en el componente thumprint en el validador EXIF sobre móviles Motorola con firmware RAZR, permite a atacantes asistidos por el usuario ejecutar código de su elección a través de la transmisión de un MMS con una imagen JPG mal formada, lo que lanza un corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS. The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device. • http://secunia.com/advisories/30409 http://www.securityfocus.com/archive/1/492668/100/0/threaded http://www.securitytracker.com/id?1020117 http://www.vupen.com/english/advisories/2008/1671/references http://www.zerodayinitiative.com/advisories/ZDI-08-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/42656 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •