There are no restrictions when a POST request is sent to http://<IP>/scripts/upload.php, thus allowing any unauthenticated client to upload any data to the /tmp/ApplianceUpdate file. By sending a request (without the need for authentication) to the homepage of the appliance with a cookie "lang=../../../../../../../../../../../../../../../../etc/passwd%00", it's possible to read files on the server, in this example /etc/passwd.
The 'authProvider' parameter in the 'interface/main/main_screen.php' POST script is vulnerable to SQL injection. A valid 'authPass' password is needed before injection is possible. The POST request below could be used to retrieve passwords from other users and gain higher privileges.
This module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP v2.07 Server when the "/../" parameters are also sent to the server.
This proof of concept will launch an arbitrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remote share. Calc is used in this example.
Some TVs have a communication port. Vestel 42pf9322 model TVs use port 111 for network communications. If an attack is launched on the communication port, the TV system will crash.
Any authenticated user, even with the lowest privilege, can download any system file, including /etc/shadow, Samba password files and files owned by other DSM users, without any restriction. The vulnerability is located in "/webman/wallpaper.cgi". The CGI takes as a parameter the full path of the image to download, encoded in ASCII hex format. The problem is that any file type can be downloaded (not only images) and the path validation is very poor. In fact, the CGI checks only whether the path starts with an allowed directory (like /usr/syno/synoman/webman), and this kind of protection can be easily bypassed using the ../ attack. A command injection vulnerability, present in the "/webman/modules/ControlPanel/modules/externaldevices.cgi" CGI, allows any administrative user to execute arbitrary commands on the system with root privileges.
Microsoft SharePoint is a Web application platform developed by Microsoft. First launched in 2001, SharePoint has historically been associated with intranet content management and document management, but recent versions have significantly broader capabilities. Microsoft has two versions of SharePoint available at no cost, but it sells premium editions with additional functionality, and provides a cloud service edition as part of their Office 365 platform (previously BPOS). The product is also sold through a cloud model by many third-party vendors. SharePoint comprises a multipurpose set of Web technologies backed by a common technical infrastructure. By default, SharePoint has a Microsoft Office-like interface, and it is closely integrated with the Office suite. The web tools are designed to be usable by non-technical users. SharePoint can be used to provide intranet portals, document & file management, collaboration, social networks, extranets, websites, enterprise search, and business intelligence. It also has system integration, process integration, and workflow automation capabilities. Enterprise application software (e.g. ERP or CRM packages) often provide some SharePoint integration capability, and SharePoint also incorporates a complete development stack based on web technologies and standards-based APIs. As an application platform, SharePoint provides central management, governance, and security controls for implementation of these requirements. The SharePoint platform integrates di
After creating the PoC file (.wav), simply drag and drop it onto the Player.
The vulnerability is located in the upload.html file, in the processing of file uploads submitted via POST requests with manipulated filenames. The attacker can inject a local path or files into the request context and compromise the mobile device.
A path traversal vulnerability was found in the 'edit' functionality of the application which may allow an attacker to view files outside the website's root directory. Using the application's upload functionality, it was possible to upload an arbitrary file outside the default directory and execute it.