Uploading new firmware without access to the panel
Netis WF2419 is vulnerable to remote code execution due to improper input validation. An attacker can send a specially crafted HTTP POST request to the vulnerable page '/cgi-bin-igd/netcore_set.cgi' with a malicious command in the 'tools_ip_url' parameter. This will allow the attacker to execute arbitrary commands on the vulnerable device.
This is an exploit to automatically upload a PHP web shell to the qdPM platform via the 'upload a profile photo' feature. This method also bypasses the fix put in place for a previous CVE.
Cacti v1.2.8 is vulnerable to unauthenticated remote code execution. An attacker can send a malicious request with a payload to the graph_realtime.php file to execute arbitrary code on the server. The payload is sent as a cookie with the name 'Cacti' and the value is the malicious command encoded with the quote() function.
A remote code execution vulnerability exists in Cacti v1.2.8 due to insufficient sanitization of user-supplied input. An unauthenticated attacker can exploit this vulnerability by sending a malicious payload to the vulnerable server to execute arbitrary code.
A vulnerability in Apache Tomcat's AJP protocol allows an attacker to read arbitrary files on the server. This is due to the lack of authentication and authorization checks in the AJP protocol. The vulnerability is present in all versions of Tomcat prior to 9.0.30, 8.5.50, and 7.0.99.
The Comtrend VR-3033 is prone to multiple authenticated command injection vulnerabilities via the ping and traceroute diagnostic page. Remote attackers are able to get full control and compromise the network managed by the router.
A vulnerability in OpenSMTPD's default install allows an attacker to execute arbitrary code with root privileges. The vulnerability is due to a lack of input validation in the SMTP protocol parser. An attacker can send a specially crafted SMTP command to the server, which will cause the parser to execute arbitrary code with root privileges. This can be used to gain access to the server and execute malicious code.
A vulnerability in OpenSMTPD allows an attacker to read arbitrary files on the system. This is due to a lack of proper input validation when handling the PATH_SPOOL PATH_OFFLINE directory. An attacker can exploit this vulnerability by creating a large number of files in the PATH_SPOOL PATH_OFFLINE directory, which will cause the program to crash when attempting to read the files.
PhpIX 2012 Professional is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'id' parameter in the product_detail.php page. This can be exploited to bypass authentication, access, modify and delete data in the back-end database.