Genexis Platinum-4410 v2.1 Home Gateway Router discloses the passwords of every user (Admin, GENEXIS, user3) in plain text in the login page source "http://192.168.1.1/cgi-bin/index2.asp". This could allow a remote attacker to access sensitive information and perform actions such as resetting the router, changing passwords, uploading malicious firmware, etc.
The vulnerability allows an attacker to include local files on the server by manipulating the 'phpEx' parameter in the 'printview.php' script of PNphpBB2 version 1.2i or earlier. This can lead to unauthorized access to sensitive files, such as the '/etc/passwd' file.
The TP-Link TP-SG105E is a "5-Port Gigabit Easy Smart Switch". It features a web front end and an application (Easy Smart Configuration Utility) for easy configuration management. The device does not properly restrict access to an internal API. It is therefore possible to remotely reboot the device by sending an HTTP POST request.
This module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (the default), it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. Target offsets are available for Ubuntu 16.04 kernels 4.4.0 <= 4.4.0-116-generic and Ubuntu 16.04 kernels 4.8.0 <= 4.8.0-54-generic. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.
The exploit creates a malicious payload to cause a denial of service attack on BOOTP Turbo 2.0. It overwrites the SEH chain of the main thread, causing the application to crash.
This exploit allows an attacker to inject XML external entities into the Citrix XenMobile Server, potentially leading to disclosure of internal files or denial of service attacks. The vulnerability exists in XenMobile Server 10.8 before RP2 and 10.7 before RP3. By sending a specially crafted XML payload, an attacker can trigger the XXE vulnerability and perform unauthorized actions.
This vulnerability allows an attacker to include remote files in the XZero Community Classifieds version 4.95.11 and earlier. By manipulating the 'path_escape' parameter in the 'config.inc.php' file, an attacker can include arbitrary files from a remote server. This can lead to remote code execution or other malicious activities.
Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and attain persistence on a vulnerable system.
The WordPress Time Capsule Plugin version 1.21.16 and below allows an attacker to bypass authentication and gain administrative access. This can be exploited by sending a specially crafted request to the target server. The vulnerability was discovered by B. Canavate and is based on previous research by the team at webarxsecurity.com. Proof-of-concept code is available on GitHub.
The XZero Community Classifieds script version 4.95.11 is vulnerable to Local File Inclusion (LFI) and SQL Injection. The LFI vulnerability can be exploited by manipulating the 'pagename' parameter in the 'view=page' URL to include arbitrary files. The SQL Injection vulnerability can be exploited by manipulating the 'subcatid' parameter in the 'view=post' URL to execute arbitrary SQL queries. The vulnerabilities allow an attacker to read sensitive files and extract information from the database.