Explore Vulnerabilities

Explore all Exploits:

Exploit for Disqus for WordPress admin stored CSRF+XSS up to v2.7.5

This exploit allows an attacker to inject malicious JavaScript code into the Disqus for WordPress plugin up to version 2.7.5. The malicious code is injected into the disqus_public_key parameter, which is unfiltered and injectable. The code is then executed when the form is submitted.

VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution

VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. Port binding payloads are disregarded due to the restrictive firewall settings.

VirtualBox 3D Acceleration Virtual Machine Escape

This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted rendering messages, a virtual machine can exploit an out-of-bounds array access to corrupt memory and escape to the host. This module has been tested successfully on Windows 7 SP1 (64 bits) as host running VirtualBox 4.3.6.

VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation

A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.

TomatoCart v1.x (latest-stable) Remote SQL Injection Vulnerability

TomatoCart suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection.

Required Information: Valid user account.

PoC: Create a new contact in your address book using the following values.

First name: :entry_lastname, Last Name : ,(select user_name from toc_administrators order by id asc limit 1),(select user_password from toc_administrators order by id asc limit 1),3,4,5,6,7,8,9,10)#

The new contact will be added to your address book with the admin hash as the contact's street address.

Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key

The SR101 routers supplied by Sky Broadband are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK pass phrase has the following features: random, A to Z uppercase only, 8 characters long, 208,827,064,576 possible combinations (AAAAAAAA – ZZZZZZZZ), 26^8.

We notified Sky Broadband about the problem in January 2014, yet Sky Broadband are still supplying customers with routers / modems that use this weak algorithm. We purchased a used rig in December 2013, comprising: Windows 7, I3 Processor, 4GB RAM, 2TB Drive, Radeon HD 5850. We generated 26 dictionary files using “mask processor” by ATOM, piping each letter out to its own file. Using our Radeon HD5850 on standard settings, we were hitting 80,000 keys per second.

Breakdown:

26^8 = 208,827,064,576 (208 billion possible combinations)

26^8 / 80,000 keys per second = 2,610,338 seconds

2,610,338 / 60 seconds = 43,505 minutes

43,505 / 60 minutes = 725 hours

725 hours / 24 hours = 30 days

PhotoSync Wifi & Bluetooth v1.0 – File Include Vulnerability

A local file include web vulnerability has been discovered in the official PhotoSync Wifi&Bluetooth 1.0 iOS mobile application. The vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization in order to compromise the mobile web application.

Feng Office XSS Stored Vulnerability

Feng Office is prone to a Persistent Cross Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.

Proof of concept:

1. Create or Edit a client
2. Complete the field Name ( customer[name] ) using this value: "><script>alert('XSS by Provensec')</script>
3. Save changes.
4. Share your client in the Activity feed to infect others.

Recent Exploits: