Multiple SQL injection vulnerabilities in dotCMS (8x CVE)

Posted by Elar Lang on Nov 01

Title: Multiple SQL injection vulnerabilities in dotCMS (8x CVE)
Credit: Elar Lang / https://security.elarlang.eu
Vendor/Product: dotCMS (http://dotcms.com/)
Vulnerability: SQL injection
Vulnerable version: before 3.5; 3.3.1 and 3.3.2 (depends on CVE)
CVE: CVE-2016-8902, CVE-2016-8903, CVE-2016-8904, CVE-2016-8905,
CVE-2016-8906, CVE-2016-8907, CVE-2016-8908, CVE-2016-4040

# Multiple SQL injections in dotCMS framework.

## CVE-2016-8902 -…

Vulnerabilities in D-Link DIR-300

Posted by MustLive on Nov 01

Hello list!

There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery
vulnerabilities in D-Link DIR-300.

————————-
Affected products:
————————-

Vulnerable is the next model: D-Link DIR-300NRUB5, Firmware 1.2.94. All
previous versions also must be vulnerable.

———-
Details:
———-

Abuse of Functionality (WASC-42):

Admin’s login is persistent: admin. Which simplify BF and CSRF…