The web interface of this router is affected by multiple CSRF vulnerabilities which allow an attacker to change the following router parameters: Disable Mac Filtering, Disable/Modify IP/Port Filtering, Disable/Modify Port Forwarding, Disable/Modify Wireless Access Control, Disable Wi-Fi Protected Setup, Disable/Modify URL Blocking Filter, Disable/Modify Domain Blocking Filter, Disable/Modify IP Address ACL, Change Wireless Passphrase, Enable/Modify Remote Access (also on WAN interface).
A vulnerability in FreePBX and Elastix allows an attacker to execute arbitrary code on the system without authentication. This exploit was discovered by Martin Tschirsich and was tested on multiple versions of FreePBX and Elastix. The exploit uses a reverse shell payload to connect to a remote host and port, and then uses Nmap to gain root access.
A remote command execution vulnerability and some XSS in current and earlier FreePBX versions due to missing input sanitization.
A vulnerability exists in index.php for module handling that allows for local file inclusion using a null-byte attack on the 'module' GET parameter.
A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by accessing the 'Database Backup' method without restriction. Due to the way sessions are handled, an attacker can then simply pass the username and password-hash via cookies to assume the administrative role without ever knowing the clear-text version of the password.
The Cyberoam UTM exposes a web interface through a Jetty web server, and this interface allows authenticated users to perform network diagnostic actions such as ping, traceroute, name lookup and so on. These actions are accessible to authenticated users, and are vulnerable to command injection attacks. The parameter 'host' is vulnerable to OS command injection. Some client-side validation is performed to check that the IP address provided is in a valid format; however, no such validation is performed on the server side. Hence, a malicious user can easily bypass the client-side validation checks by using an in-line proxy tool and inject an OS command.
Today we will release a 0day for the vBulletin mod, vBShout. This 0day exploit is brought to you by www.Bugabuse.net/. Enter <script>top.location='https://www.bugabuse.net/';</script> into the shoutbox, go into the archive. Voila. Persistent XSS exploit. Modify to your liking.
A buffer overflow vulnerability exists in Ricoh DC Software DL-10 FTP Server (SR10.exe) version <= 1.1.0.6. An attacker can send a maliciously crafted request containing a large amount of data to the FTP server, which can cause the server to crash or allow the attacker to execute arbitrary code. This vulnerability affects both Ricoh DC Software DL-10 FTP Server (SR10.exe) and Capftpd (former SR-10).
This module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The parameter 'num' is vulnerable to an XSS issue where the attacker can execute arbitrary HTML and script code in a user's browser session in the context of an affected site.