Page 18 of 99 results (0.012 seconds)

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html, and (2) cause a denial of service (hard reset) via the "Reset All Defaults" value in the BUTTON_INPUT parameter to configdata.html. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Motorola Surfboard con software SB5100-2.3.3.0-SCM00-NOSH permiten a atacantes remotos (1) provocar una denegación de servicio (reinicio del dispositivo) mediante el valor "Restart Cable Modem" en el parámetro BUTTON_INPUT a configdata.html y (2) provocar una denegación de servicio (reset duro) mediante el valor "Reset All Defaults" en el parámetro BUTTON_INPUT a configdata.html. • http://secunia.com/advisories/30026 http://securityreason.com/securityalert/3839 http://www.kb.cert.org/vuls/id/643049 http://www.rooksecurity.com/blog/?p=4 http://www.securityfocus.com/archive/1/491143/100/0/threaded http://www.vupen.com/english/advisories/2008/1390/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42091 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value. El dispositivo NantSys 5.0.0.115 en Motorola netOctopus 5.1.2 construcción 1011 tiene permisos débiles para el dispositivo de interfaz \\.\NantSys (nantsys.sys), el cual permite a usuarios locales ganar privilegios o provocar denegación de servicio (caida de sistema), como se demostró con la modificación del valor SYSENTER_EIP_MSR CPU Model Specific Register (MSR). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=636 http://secunia.com/advisories/28366 http://securitytracker.com/id?1019161 http://www.netopia.com/support/software/technotes/netoctopus/Removing_the_nantsys_Driver.pdf http://www.securityfocus.com/bid/27175 http://www.vupen.com/english/advisories/2008/0062 https://exchange.xforce.ibmcloud.com/vulnerabilities/39503 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 23%CPEs: 1EXPL: 0

Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name. Múltiples desbordamientos de búfer en Motorla Timbuktu Pro anterior a 8.6.5 para Windows permiten a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección mediante (1) un nombre de usuario largo y (2) determinadas peticiones mal formadas; y (3) permiten a servidores Timbuktu tener impacto desconocido mediante una respuesta HELLO mal formada, relacionado con el componente Scanner y posiblemente relacionado con un nombre de máquina mal formado. • ftp://ftp-xo.netopia.com/evaluation/docs/timbuktu/win/865/relnotes/TB2Win865Evalrn.pdf http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=590 http://secunia.com/advisories/26588 http://www.securityfocus.com/bid/25454 http://www.securitytracker.com/id?1018614 http://www.vupen.com/english/advisories/2007/2990 https://exchange.xforce.ibmcloud.com/vulnerabilities/36280 https://exchange.xforce.ibmcloud.com/vulnerabilities/36281 https://exchange.xforce.ibmcloud.com/vulnerabilities/36282 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1

Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services. Vulnerabilidad de salto de directorio en Motorola Timbuktu Pro anterior a 8.6.5 para Windows permite a atacantes remotos crear o borrar archivos de su elección mediante un .. (punto punto) en una petición Send (Enviar), probablemente relacionada con los servicios (1) Send (Envío) y (2) Exchange (Intercambio). • https://www.exploit-db.com/exploits/30532 ftp://ftp-xo.netopia.com/evaluation/docs/timbuktu/win/865/relnotes/TB2Win865Evalrn.pdf http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=589 http://secunia.com/advisories/26588 http://www.securityfocus.com/bid/25453 http://www.securitytracker.com/id?1018614 http://www.vupen.com/english/advisories/2007/2990 https://exchange.xforce.ibmcloud.com/vulnerabilities/36273 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 3.3EPSS: 1%CPEs: 1EXPL: 0

The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. El teléfono Motorola MOTOZAR V3 permite a atacantes remotos provocar denegación de servicio (diálogos modales continuos e indisponibilidad de interfaz de usuario) intentando repetidamente pulsando OBEX, un archivo sobre Bluetooth, como se demostró con ussp-push. • http://securityreason.com/securityalert/2180 http://www.securityfocus.com/archive/1/457768/100/0/threaded http://www.securityfocus.com/archive/1/457797/100/0/threaded • CWE-20: Improper Input Validation •