The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.
This exploit is a local exploit for GSM SIM Utility. It allows for a direct return-oriented programming attack. The code provided in the script is for educational purposes only and should not be used for illegal activities.
The denial of service, happens on mikrotik router's winbox service when the attacker is requesting continuesly a part of a .dll/plugin file, so the service becomes unstable causing every remote clients (with winbox) to disconnect and denies to accept any further connections. Sending requests specially crafted for the winbox service, can cause a 100% denial of winbox sevice.
A buffer overflow vulnerability exists in GSM SIM Utility 5.15, which allows an attacker to execute arbitrary code by sending a specially crafted SMS file. The vulnerability is due to a lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can exploit this vulnerability by sending a specially crafted SMS file to the vulnerable application, which can result in arbitrary code execution.