- Both packet & raw modes are supported ;
- FLZ decompression ;
- Instance ID resolution.
Source code can be found on Github.
In January 2013, Rapid7 published a great paper describing several vulnerabilities in the most common UPnP libraries. Six months later, many devices based on these libraries have not been updated and are still exposed.
For example, the Axis M1011 camera contains a vulnerable version of libupnp, which can lead to …
Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to two vulnerabilities
in WebUI; an XSS and a command injection.
The combination of both allows an attacker (with a little help from the victim) to remotely execute code on the device with root privileges, by sending a specifically …
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection ________________________________________________________________________ Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute arbitrary commands with root privileges. ________________________________________________________________________ Details …
Foscam firmware <= 184.108.40.206 is prone to a path traversal vulnerability in the embedded web interface.
The unauthenticated attacker can access to the entire filesystem and steal web & wifi credentials.
GET //../proc/kcore HTTP/1.0
LemonLDAP-NG <=1.2.2 is prone to a security vulnerability involving XML signature wrapping in authentication process.
Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content.
This may lead to authentication bypass.
Due to a bad use …