Backdoor credentials are present in several TOTOLINK products. Four TOTOLINK products are affected (firmware images come from totolink.net and from totolink.cn): G150R-V1, last firmware 1.0.0-B20150330 (TOTOLINK-G150R-V1.0.0-B20150330.1734.web); G300R-V1, last firmware 1.0.0-B20150330 (TOTOLINK-G300R-V1.0.0-B20150330.1816.web); N150RH-V1, last firmware 1.0.0-B20131219 (TOTOLINK-N150RH-V1.0.0-B20131219.1014.web); N301RT-V1, last firmware 1.0.0 (TOTOLINK N301RT_V1.0.0.web). The backdoor allows an attacker in the LAN to connect to the device using telnet with 2 different accounts: root and 'onlime_r', which gives root privileges.
TOTOLINK iPuppy, iPuppy3, N100RE and N200RE are wireless LAN routers. Their current firmware with default configuration is vulnerable to CSRF attacks and XSS attacks. Because the anti-CSRF protection is based on a static HTTP referrer (RFC 1945), an attacker can take over most of the configuration and settings through anyone inside the LAN of the router.
The first vulnerability allows an attacker to bypass the admin authentication and to get a direct RCE from the LAN side with a single HTTP request. The second vulnerability allows an attacker to bypass the admin authentication and to get a direct RCE from the LAN side with a single DHCP request. These are direct RCEs against the routers, which give complete root access to the embedded Linux from the LAN side.
The stored XSS vulnerability allows any authenticated user to inject malicious code via the name of the uploaded file. The vulnerability exists because the file name is not properly sanitized, which can lead to injected code being executed in the target’s browser.
Joomla docman Component 'com_docman' is vulnerable to Full Path Disclosure (FPD) and Local File Disclosure/Include (LFD/LFI). An attacker can exploit this vulnerability to gain access to sensitive information such as the server path and configuration file. The vulnerability is due to the lack of proper input validation when handling user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. The FPD vulnerability can be exploited by sending a request with a blank parameter to the vulnerable application. The LFD/LFI vulnerability can be exploited by sending a request with a malicious parameter to the vulnerable application.
A PoC for a memory corruption vulnerability in ZOC Terminal Emulator-v7. The vulnerability can be exploited by copying the content of a specially crafted file (CRASH.TXT) into the 'Connect to' option and setting the Connection type to Windows Modems.
An SQL injection vulnerability was found in an HTTP POST request of the AJAX component from the sysPass software. The attribute getAccounts is not correctly sanitized and therefore can be abused to inject arbitrary SQL statements.
It is possible for an administrative user with the 'assets' permission to overwrite system configuration files by exploiting a directory traversal vulnerability. The following request can be used to update the ‘system.xml’ file of the web application:

    POST /admin/asset/add-asset-compatibility/?parentId=1&dir=../config HTTP/1.1
    Host: pimcore.com
    Connection: keep-alive
    Content-Length: 1502
    Cache-Control: max-age=0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Origin: https://www.host.com
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36
    Content-Type: multipart/form-data; boundary=--------2072505619
    Accept-Encoding: gzip, deflate
    Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
    Cookie: PHPSESSID=nnmupv1knofcpdgjdnivdr4v27; cookie-warn=true; _ga=GA1.2.1941920115.1426505099; pimcore_admin_sid=j79b6ad4afkjimslbj8l5ifuo4
A buffer overflow vulnerability exists in Internet Download Manager due to improper bounds checking, which can be exploited to cause a denial of service or potentially allow remote code execution. An attacker can send a specially crafted file to trigger this vulnerability.
SOPlanning <1.32 contains a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.