The ABB Cylon FLXeon BACnet controller is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. By exploiting this vulnerability, an attacker can launch multiple instances of tcpdump, leading to resource exhaustion, denial of service (DoS) conditions, and potential data exfiltration. The lack of authentication on the WebSocket interface enables unauthorized users to continuously spawn new tcpdump processes, escalating the impact of the attack.
The exploit involves creating a malicious Windows theme file that contains a link to an attacker-controlled SMB server. When the victim opens this theme file, their NTLM hash is captured by the attacker. This vulnerability is identified as CVE-2024-21320.
The exploit involves abusing MS Office URI schemes to fetch a document from a remote source. By invoking a specific URI scheme on a victim computer, an attacker can capture and relay NTLMv2 hash over SMB and HTTP.
The ZTE ZXV10 H201L router is vulnerable to remote code execution due to an authentication bypass. This allows an attacker to execute arbitrary code on the device without proper authentication. This vulnerability has the potential to be exploited remotely.
The exploit allows an attacker to reset the administrator password for HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. The exploit also exploits other vulnerabilities like improper use of httokens for authentication and leaking the MD5 hash of the password.
The Elber Reble610 device is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized and administrative access to protected areas of the application. This vulnerability occurs due to a flaw in the password management functionality, specifically in the set_pwd endpoint, which can be manipulated by attackers to overwrite the password of any user within the system.
The exploit allows an attacker to remotely execute arbitrary code on Honeywell PM43 printers with firmware versions prior to P10.19.050004. By sending a crafted payload to the 'loadfile.lp?pageid=Configure' endpoint, an attacker can inject malicious commands. This vulnerability is identified as CVE-2023-3710.
The vulnerability allows an attacker to access sensitive credentials due to unprotected system logs and weak password encryption. By decrypting the passwords stored in the system logs, an attacker can obtain user credentials. This vulnerability has been assigned the CVE identifier CVE-2023-43261.
The vulnerability in Microsoft Windows PowerShell allows for code execution by bypassing single quote restrictions. By using a combination of semicolon and ampersand characters, a specially crafted filename can trigger arbitrary code execution and evade PS event logging. This can lead to unauthorized file execution and potential security breaches.
An attacker can send crafted HEX values to a specific GATT Charactristic handle on the Maxima Max Pro Power smartwatch to perform unauthorized actions like changing Time display format, updating Time, and notifications. Due to lack of integrity checks, an attacker can sniff values on one smartwatch and replay them on another, leading to unauthorized actions.
Services By CQR