The web server (titled "WiFi" in the app) is vulnerable to multiple directory traversal issues that allow an attacker to download, upload, create, or delete any file to which the app has access. The SMB server (titled "Shared Folder") is vulnerable to a denial of service when issued the command "dir -c" from smbclient. It also discloses a listing of all readable files in the iPhone's file system via the IPC$ share.
A buffer overflow vulnerability exists in the COM component used by the product SkinCrafter.dll, version 1.9.2.0. The vulnerability was tested on Windows XP SP3 (EN) with IE6.
A buffer overflow vulnerability exists in the 1 Click Audio Converter ActiveX control due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by enticing a victim to open a malicious web page containing a specially crafted HTML object tag. This can result in arbitrary code execution in the context of the current user.
The vulnerable file is called simple-guest-post-submit.php and its full path is /wp-content/plugins/really-simple-guest-post/simple-guest-post-submit.php. The vulnerable code is as follows (line 8): `require_once($_POST["rootpath"]);` As you can see, the require_once call includes a file whose path comes directly from user input without any prior verification. An attacker can therefore request the URL /wp-content/plugins/really-simple-guest-post/simple-guest-post-submit.php directly and send POST data such as "rootpath=the_file_to_include". Proof of concept: `curl -X POST -F "rootpath=/etc/passwd" --url http://localhost/wp-content/plugins/really-simple-guest-post/simple-guest-post-submit.php`, which will print out the content of the /etc/passwd file.
Any authenticated or unauthenticated user can perform a local file inclusion attack by exploiting the wp_ajax_nopriv_load_template action. The plugin simply includes the file specified in the 'template' POST parameter without any further validation.
An independent vulnerability laboratory researcher discovered a Unicode buffer overflow vulnerability in the official WebDrive v12.2 (Build 4172) 32-bit software. The buffer overflow allows an attacker with a system user account to supply Unicode strings to basic input fields and compromise the software. The vulnerability is located in the `username` and `password` input fields of the software.
JilidFTP is a powerful FTP client for Windows; it is fast and reliable, with many useful features. It supports multi-threaded file upload and download, so you can upload or download several files at the same time. The job manager integrates with the Windows scheduler engine, which gives you more freedom and flexibility in uploading or downloading your files. It can also trace changes within a local directory and apply those changes to a remote FTP server. The user-friendly interface makes software distribution, uploading files to a web server, and providing archives for various purposes easier. To exploit this vulnerability, an attacker can copy the AAAA... string from Jildi_FTP.txt to the clipboard, open Jildi FTP, press Connect, paste it into the Option -- Name or Address -- field, and press Connect.
No CSRF token is in place, so we can add arbitrary users to the system. variabili.php has multiple XSS vectors via the POST method; one input field, 'altezza_iframe_tabella_gid', will store an XSS payload in the MySQL database, which will then run each time variabili.php is accessed from the victim's browser.
Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser, and this exploit takes advantage of two bugs: 1) passwordless root login via FTP, used to retrieve the archive_accounts.ser file that contains the access tokens, and 2) reuse of the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.
Seagate Central by default has a passwordless root account (and no option to change it). One way to exploit this is to log into its FTP server and upload a PHP shell to the webroot. From there, we can execute commands with root privileges, as lighttpd is also running as root.