Showing 1 - 1 of 1

CVE-2014-8357

Status Candidate

Overview

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.

Related Files

Zhone Insecure Reference / Password Disclosure / Command Injection: Posted Oct 12, 2015; Authored by Lyon Yang; Zhone ZNID GPON 2426A suffers from insecure direct object reference, password disclosure, command injection, cross site scripting, and privilege escalation vulnerabilities. Versions prior to S3.0.501 are affected.; tags | exploit, vulnerability, xss; advisories | CVE-2014-8356, CVE-2014-8357, CVE-2014-9118; SHA-256 | 9771ec7426f0a535756a36d56d77084397753e077e3c524477ca5ee2635f27dd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 282 files
Jay Turla 150 files
indoushka 149 files
Ubuntu 69 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
Gentoo 31 files
H D Moore 31 files
Debian 30 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,117)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,059)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,725)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,806)
UNIX (9,449)
UnixWare (187)
Windows (6,762)
Other

CVE-2014-8357

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems