The ABB Cylon Aspect BMS/BAS controller in versions <=3.08.02 is vulnerable to an authenticated stored cross-site scripting (XSS) flaw. An attacker can upload a malicious .txt file with XSS payload, which when stored on the server, can be served back to users. By injecting client-side scripts, attackers can execute arbitrary code in the context of any user accessing the infected file or related web page (license.php). Bypassing file upload checks requires including the Variant string in the request.
The ZTE ZXHN H168N 3.1 router is vulnerable to remote code execution due to an authentication bypass. By exploiting this vulnerability, an attacker can execute arbitrary code on the target device. This vulnerability has not been assigned a CVE ID yet.
The CommScope Ruckus IoT Controller version 1.7.1.0 and earlier contains an upgrade account that provides undocumented access via Secure Copy (SCP), allowing unauthorized individuals to access the virtual appliance.
The Microsoft Windows XRM-MS file type, associated with software licensing, allows adversaries to inject XML stylesheets pointing to LAN network shares or attacker-controlled infrastructure. This leads to outbound connections leaking the target's NTLM hash. The exploit works through LAN network shares or remote drive-by downloads, requiring user interaction to open the file. The xrm-ms file type bypasses some security measures and appears trust-worthy as it defaults to opening in Internet Explorer or Edge on Windows systems.
The exploit allows an attacker to disclose log files of Wipro Holmes Orchestrator v20.4.1. By sending a crafted request to the target system, an attacker can access sensitive log files containing potentially confidential information.
The C program contains a buffer overflow vulnerability due to improper input validation. By sending a specially crafted input, an attacker can overwrite the buffer boundaries and inject malicious code. This can lead to arbitrary code execution and potentially compromise the system. This vulnerability can be identified as CVE-2021-12345.
The exploit involves creating a new process in Linux x64 using the execve() system call with an argument of '/bin//sh'. The argument is encrypted using XOR operation. The shellcode author is Alexys (0x177git). The exploit code can be found at https://github.com/0x177git/xor-encrypted-execve-sh.
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information such as login credentials. This vulnerability affects multiple versions of the Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.
Windows Defender usually blocks the execution of TrojanWin32Powessere.G, but a bypass using VBScript and ActiveX engine can allow the execution of malicious commands. By adding arbitrary text as the 2nd mshtml parameter, one can bypass the detection. For example, running rundll32 vbscript:"\\..\\mshtml\\..\\PWN\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0) can execute commands despite Windows Defender protection.
An attacker can bypass authentication on Electrolink FM/DAB/TV Transmitter devices due to a lack of proper authentication mechanisms. This vulnerability affects various models and versions of Electrolink transmitters, allowing unauthorized access to the devices.
Services By CQR