The exploit targets multiple Zyxel products with firmware versions 4.09 through 4.71, 4.50 through 5.21, 4.32 through 5.21, 4.30 through 5.21, 1.00 through 1.33 Patch 4, and various earlier versions. A local authenticated attacker can trigger a buffer overflow or a system crash with a crafted payload. The exploit abuses format string bugs in the 'extension' argument of certain zysh commands to execute arbitrary code and escape the restricted shell.
TEM Opera Plus FM Family Transmitter 35.45 devices are vulnerable to Cross-Site Request Forgery (CSRF) because state-changing HTTP requests are accepted without anti-CSRF validation. If a logged-in administrator visits a specially crafted website, that page can submit requests that run with the administrator's privileges, changing transmitter settings such as forward power and frequency or replacing user credentials.
The exploit connects to a Ricoh printer over FTP with default credentials and accesses the Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics), and Syslog (System Log) directories. The attacker can list files and directories, read files, and extract sensitive information such as print-job and system logs.
The vulnerability exposes credentials through unprotected system logs combined with weak, reversible password encryption: an attacker who retrieves the logs can decrypt the stored passwords and obtain user credentials. This vulnerability has been assigned the CVE identifier CVE-2023-43261.
The Automatic-Systems SOC FL9600 FastLine V06 allows directory traversal via a specially crafted HTTP request. An attacker can exploit this to read arbitrary files on the device, including sensitive system files such as 'passwd'. This vulnerability has been assigned CVE-2023-37607.
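As an added illustration, not code from the advisory or from the vendor, the C check below is what a file-serving handler on an embedded device could run before opening a requested path: it percent-decodes the request (repeating a bounded number of times so double-encoded '%252e' is caught), rejects an embedded NUL from '%00', and refuses any literal '..' segment with either separator. The function names and the sample requests are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode `in` into `out`. Returns the decoded length, or -1 on a
 * malformed escape or when `out` is too small. A decoded %00 is written as
 * a NUL byte, so the return value exceeds strlen(out) in that case. */
int url_decode(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (o + 1 >= outsz) return -1;
        if (in[i] == '%') {
            int h = hexval((unsigned char)in[i + 1]);
            int l = (h >= 0) ? hexval((unsigned char)in[i + 2]) : -1;
            if (h < 0 || l < 0) return -1;
            out[o++] = (char)(h * 16 + l);
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Returns 1 if the requested path must be rejected, 0 if it may be served.
 * Decoding is repeated (bounded) so that %252e%252e is caught as well. */
int is_traversal(const char *raw) {
    char cur[512], dec[512];
    if (strlen(raw) >= sizeof cur) return 1;
    strcpy(cur, raw);
    for (int pass = 0; pass < 3 && strchr(cur, '%') != NULL; pass++) {
        int n = url_decode(cur, dec, sizeof dec);
        if (n < 0) return 1;                     /* malformed escape */
        if ((size_t)n != strlen(dec)) return 1;  /* embedded NUL from %00 */
        memcpy(cur, dec, (size_t)n + 1);
    }
    /* Walk the segments split on '/' or '\\' and refuse any literal "..". */
    const char *p = cur;
    while (*p != '\0') {
        size_t len = strcspn(p, "/\\");
        if (len == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += len;
        if (*p != '\0') p++;
    }
    return 0;
}

int main(void) {
    const char *samples[] = {   /* constructed requests, not captured traffic */
        "/files/report.txt",
        "/files/../../etc/passwd",
        "/files/%2e%2e/%2e%2e/etc/passwd",
        "/files/%252e%252e/etc/passwd",
        "/files/report.txt%00.png",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s %s\n", samples[i], is_traversal(samples[i]) ? "REJECT" : "allow");
    return 0;
}
```

The check is deliberately strict: a request that still contains a malformed '%' escape is rejected rather than served, because a lenient decoder is exactly what traversal bypasses rely on. Resolving the final path with realpath() and confirming it still starts with the document root is a worthwhile second layer.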
Typora v1.7.4 is vulnerable to OS command injection. By manipulating the 'run command' feature in the PDF export settings, an attacker can inject and execute arbitrary commands, leading to unauthorized access or further compromise of the system. This vulnerability was discovered by Ahmet Ümit BAYRAM on 13 September 2023.
MISP version 2.4.171 contains a stored cross-site scripting vulnerability. An authenticated attacker can inject script into the 'Name' parameter when adding a cluster under the 'Galaxies' section; the payload is stored and later executed in the browser of any user who views it. This vulnerability has been assigned CVE-2023-37307.
The Saflok KDF (Key Derivation Function) exploit derives encryption keys from a 32-bit UID value, giving an attacker unauthorized access to the system. No CVE has been assigned yet.
Atemio AM 520 HD Full HD satellite receivers with firmware <=2.01 allow an unauthenticated attacker to execute system commands with elevated privileges through the 'getcommand' query in the application, yielding root access.
The shellcode spawns a shell on Linux x64 through the execve() system call with '/bin//sh' as the path argument; the doubled slash pads the string to exactly 8 bytes so it fills one 64-bit register with no NUL byte. The argument is XOR-encoded (a fixed-key XOR is obfuscation rather than encryption) and decoded at run time before the call. The shellcode author is Alexys (0x177git). The code can be found at https://github.com/0x177git/xor-encrypted-execve-sh.
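As an added example, not the shellcode author's code, the C program below does on the host what the decoder stub does at run time: it packs '/bin//sh' into the little-endian qword that an x64 execve stub pushes, XOR-encodes it with a one-byte key, checks that neither the plaintext nor the encoded immediate contains a NUL byte, and decodes it back. The function names are this example's own; the key search is an assumption about how a key would be chosen, not a description of the repository's code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed input: the 8-byte path argument. The doubled slash pads
 * "/bin/sh" to exactly 8 bytes so it fills one 64-bit register with no NUL. */
static const char ARG[8] = {'/', 'b', 'i', 'n', '/', '/', 's', 'h'};

/* Pack 8 bytes into the little-endian qword an x64 stub would movabs and push. */
uint64_t pack_qword(const char *s) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | (uint8_t)s[i];
    return v;
}

/* XOR every byte of the qword with the same one-byte key. The operation is
 * its own inverse, so the decoder stub reuses it with the same key. */
uint64_t xor_qword(uint64_t v, uint8_t key) {
    return v ^ (0x0101010101010101ULL * key);
}

/* 1 if any byte of v is 0x00. A NUL inside the encoded immediate would
 * truncate the payload wherever it is copied as a C string. */
int has_null_byte(uint64_t v) {
    for (int i = 0; i < 8; i++)
        if (((v >> (8 * i)) & 0xffu) == 0)
            return 1;
    return 0;
}

/* Smallest nonzero key whose encoded output is NUL-free; 0 if none exists.
 * The key starts at 1 because the key byte itself lands in the decoder stub. */
uint8_t find_key(uint64_t plain) {
    for (unsigned k = 1; k < 256; k++)
        if (!has_null_byte(xor_qword(plain, (uint8_t)k)))
            return (uint8_t)k;
    return 0;
}

/* Decode the qword back into a NUL-terminated string (out must hold 9 bytes). */
void decode_arg(uint64_t enc, uint8_t key, char *out) {
    uint64_t v = xor_qword(enc, key);
    for (int i = 0; i < 8; i++)
        out[i] = (char)((v >> (8 * i)) & 0xffu);
    out[8] = '\0';
}

int main(void) {
    uint64_t plain = pack_qword(ARG);
    uint8_t key = find_key(plain);
    uint64_t enc = xor_qword(plain, key);
    char back[9];
    decode_arg(enc, key, back);
    printf("plain   movabs rbx, 0x%016llx  (\"%.8s\")\n", (unsigned long long)plain, ARG);
    printf("key     0x%02x\n", key);
    printf("encoded movabs rbx, 0x%016llx  nul-free=%d\n",
           (unsigned long long)enc, !has_null_byte(enc));
    printf("decoded \"%s\"\n", back);
    return 0;
}
```

Any key that equals one of the plaintext bytes (0x2f, 0x62, 0x69, 0x6e, 0x73 or 0x68 here) zeroes that byte in the encoded immediate, which is why the search rejects it; the same NUL-freedom constraint applies to every other byte of the decoder stub, not only the immediate.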