Multiple information exposure vulnerabilities enable an attacker to obtain credentials and other sensitive details about the ZXHN H108N R1A. User names and password hashes can be viewed in the page source of http://<IP>/cgi-bin/webproc. The configuration file of the device contains usernames, passwords, keys, and other values in plain text, which can be used by a user with lower privileges to gain admin account access. The ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, does not properly restrict access to the web interface. An attacker can bypass authentication and gain access to the web interface without valid credentials. The ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, is vulnerable to CSRF attacks. An attacker can send a malicious request to the router and perform actions with the privileges of the currently logged-in user. The ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, is vulnerable to OS command injection. An attacker can inject arbitrary commands into the router and execute them with root privileges. The ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, is vulnerable to XSS attacks. An attacker can inject malicious JavaScript into the router and execute it with the privileges of the currently logged-in user.
Any non-admin user can change the 'admin' password by accessing the Password Change page (http://<IP>/password.htm) and submitting a request: intercept the request, tamper with the username parameter to change it from 'support' to 'admin', and enter the new password. Also, displaying user information over a Telnet connection shows all valid users and their passwords in clear text. The same login account can exist on the device multiple times, each with a different priority#. It is possible to log in to the device with either of the username/password combinations.
The vulnerability exists due to the failure of the "/admin/cmdshell.php" script to properly verify the source of an HTTP request. A remote attacker can trick a logged-in administrator into visiting a malicious page with a CSRF exploit and execute arbitrary system commands on the server.
This module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). This requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 - 11.6.0 (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF6; see references for more details).
The SurgeFTP web interface suffers from multiple Stored XSS vulnerabilities. They are: Stored XSS in the 'Domain Name' field and Stored XSS in 'Mirrors'. Previously, somebody else reported Stored XSS vulnerabilities in SurgeFTP. The vendor tried to fix the previously reported XSS vulnerabilities by blacklisting only the <script>alert('blah')</script> payload, which is, well, not a good practice, since I have triggered the same vulnerability by just entering a different XSS payload; therefore, whitelisting is the correct solution.
A buffer overflow vulnerability exists in Sam Spade 1.14 when a maliciously crafted file is opened. This can lead to a denial of service or memory overwrite.
A buffer overflow vulnerability exists in SuperScan 4.1 Windows Enumeration Hostname/IP/URL Field, which could allow an attacker to cause a denial of service condition. The vulnerability is due to a lack of proper validation of user-supplied input when handling a specially crafted file. An attacker can exploit this vulnerability by supplying a specially crafted file to the vulnerable application. This will cause a denial of service condition.
SuperScan 4.1 is vulnerable to a buffer overflow when a maliciously crafted Hostname/IP/URL is sent to the application. This can cause a denial of service condition when the application crashes.
A buffer overflow vulnerability exists in SuperScan 4.1 when a maliciously crafted input is sent to the Hostname/IP field. This can cause a denial of service condition when the application crashes.
IBM i Access for Windows is vulnerable to a buffer overflow. A local attacker could overflow a buffer and execute arbitrary code on the Windows PC. The buffer overflow vulnerability can be remediated by applying Service Pack SI57907.