The TP-Link wireless router WR740N has a Cross-Site Request Forgery vulnerability in its web console. An attacker can easily change the wireless password, reboot the router, or change settings by simply making the user visit a CSRF link. The application uses an 'HTTP-REFERER' check to detect CSRF attacks, but this can easily be bypassed by using the 'Referer' parameter with its value set to the target's IP in the GET request.
A buffer overflow vulnerability exists in ALLPlayer 5.7 when a specially crafted .m3u file is opened. This can be exploited to execute arbitrary code by overwriting the SEH handler with a POP POP RETN sequence and then jumping to a venetian alignment followed by a calc.exe payload.
The MyBB Ajaxfs plugin is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'tooltip' and 'usertooltip' parameters of the ajaxfs.php script. An attacker can send a maliciously crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the context of the application's database. This may allow the attacker to access or modify data, or even gain access to the underlying file system and operating system.
This exploit allows an attacker to change the password of a victim's wifi by sending them a malicious URL. The URL contains a parameter, wlWpaPsk, which is where the attacker can enter the new password they want to set for the victim's wifi. If the victim clicks on the URL, their modem/router will reboot automatically with the new password provided by the attacker.
This exploit discloses the Wi-Fi password of the Pirelli Discus ADSL DRG A125g router. It uses LWP::UserAgent and HTTP::Request to send a GET request to the vulnerable file wlbasic.html. The content of the response is parsed to extract the SSID, encryption method and the password.
An attacker can change the SSID value of a Pirelli Discus DRG A125g router by sending a malicious URL to the victim. The URL contains a parameter 'wlSsid' which is where the attacker will enter the new SSID. If the victim clicks on the URL, the modem/router will reboot automatically with the new SSID provided by the attacker.
A vulnerability exists in Boilsoft RM TO MP3 Converter 1.72 (.wav) which allows an attacker to crash the application by creating a specially crafted .wav file. The specially crafted .wav file contains a header followed by a large amount of NOP instructions. When the application attempts to process the file, it will crash due to the large amount of NOP instructions.
ImpressPages CMS v3.8 is vulnerable to stored XSS. An attacker can inject malicious payloads into the button title field of the admin panel. When the page is refreshed, the payload gets executed, allowing the attacker to gain access to the user's cookies.
It is possible to execute any command as the unprivileged user qmailq by sending a malicious HTTPS request. It is also possible to upload any file (script, binary, etc.) using the wget command. Additionally, it is possible to download and execute a file with a malicious HTTPS request. Furthermore, it is possible to escalate privileges to root through a weak sudoers configuration on the /tmp/rc.firewall file, by overwriting the file with a malicious script.
A file inclusion and reflected Cross-Site Scripting vulnerability was discovered during the testing of Sojobo, a static analysis tool. It is possible to create the variable $newlang with an arbitrary value and to allow the inclusion of an arbitrary local file. It is also possible to create the variable $redirect with an arbitrary value and to inject arbitrary HTML code. Due to XSS filtering, the request must be made via POST with the injection data sent as the payload.