Adding two NULL bytes to the end of a VCF file allows a user to manipulate the free() calls that occur during its lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.
Milw0rm Clone Script v1.0 is vulnerable to a time-based SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL code to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
Unauthenticated SQL Injection via 'detail.php?id=' parameter. The vulnerable file is '/home/DOMAIN/domains/DOMAIN.go.th/public_html/detail.php'. The POC is 'http://127.0.0.1/detail.php?id=[SQL]'. The SQLMap command is 'python sqlmap.py --url "http://127.0.0.1/detail.php?id=[SQL]" --dbs'. The vulnerable parameter is 'id' with GET request method.
The affected file is div_img.php, which allows anybody to upload JPG files. It also has an FPD, and entries can also be deleted via http://domain.com/wp-content/plugins/wp-imagezoom/div_img.php?cmd=. Proof of concept is provided.
This vulnerability allows an unauthenticated attacker to remotely change the DNS settings of the D-Link DSL-526B ADSL2+ AU_2.01 router. By sending a specially crafted HTTP GET request to the dnscfg.cgi script, an attacker can change the DNS settings of the router. This can be used to redirect users to malicious websites or to intercept traffic.
This security hole allows an attacker to bypass authentication and change the DNS. When the administrator is logged in to the web management interface, an attacker may be able to completely bypass the authentication phase and connect to the web management interface with the administrator's credentials. This attack can also be performed by an external attacker who connects to the router's public IP address, if remote management is enabled. To change the DNS without logging in to the web management interface, use the following URL: http://TARGET/dnscfg.cgi?dnsPrimary=8.8.8.8&dnsSecondary=8.8.4.4&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=WAN-1
This exploit is a proof of concept for a crash vulnerability in Microsoft Internet Explorer 11. The vulnerability is triggered when the outerHTML of a div element is set to 'AAAA'. This causes an access violation in MSHTML!Tree::ElementNode::GetCElement.
This exploit allows an attacker to change the DNS settings of a TP-Link ADSL2+ TD-W8950ND router without authentication. The exploit is achieved by sending a GET request to the router's dnscfg.cgi page with the desired DNS settings as parameters.
This vulnerability allows an unauthenticated attacker to remotely change the DNS settings of the D-Link DSL-2780B DLink_1.01.14 router. By sending a specially crafted HTTP request to the router, an attacker can change the DNS settings of the router to any DNS server of their choice.
Broadlight Residential Gateway DI3124 is vulnerable to unauthenticated remote DNS change. An attacker can exploit this vulnerability by sending a malicious GET request to the target server. The malicious request will change the DNS server of the target device to the attacker's DNS server. This will allow the attacker to intercept the traffic of the target device.