DeviceViewer 3.12.0.1 is vulnerable to a buffer overflow attack when creating a new user. An attacker can generate a malicious payload via the POC and set the username to the malicious payload when creating a new user. This will cause the program to crash.
This is an alternative (and complete) exploit for CVE-2019-8605. The exploit code is in “SockPuppet3.cpp”, other files are either helpers or documentation. This exploit has already been verified in production several times.
This vulnerability allow remote attacker to view the contents of arbitrary directories under the security context of the SYSTEM or root user.
Authenticated Local File Inclusion(LFI) vulnerability exists in GilaCMS version 1.10.9. An attacker can exploit this vulnerability by sending a crafted request to the application. An attacker can include a local file on the server by sending a crafted request to the application. This can lead to sensitive information disclosure.
InputMapper is vulnerable to a local denial of service attack. By copying a string of 15000 'A's into the Username field and double-clicking on it, the application will crash.
The vulnerability is caused due to the improper validation of user-supplied input in the 'getadslattr.cgi' script. A remote attacker can exploit this vulnerability to disclose the ADSL credentials of the vulnerable device.
LayerBB is a free open-source forum software, multiple CSRF vulnerabilities were found such as editing user profiles and forums.
Simple XSS attack after application authentication. A POST request is sent with a malicious script in the 'title' parameter.
The default password for SSH is 'welc0me' and the only security measure preventing SSH Login is the disabled SSH Port and it can be enabled with above POST Header. The attacker can then login to SSH Port with default password. WD My Book World II NAS is very outdated hardware and Western Digitial may never release update for it. It is still using PHP 4 so it has more potential of Remote Exploits. All firmwares listed at https://support.wdc.com/downloads.aspx?p=130&lang=en are vulnerable.
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
Services By CQR