The Mobile Hotspot having the said firmware version doesn’t sanitize the input argument 'cmd' used in the page '/goform_get_cmd_process'. A malicious input held by the parameter in the URL could result to client-side script execution or HTML code injection.
A fatal javascript Out-of-Memory (OOM) vulnerability exists in the CALL_AND_RETRY_LAST function of the V8 JavaScript Engine in Google Chrome 71.0.3578.98. An attacker can exploit this vulnerability to cause a denial of service condition. This vulnerability is tracked in Chromium as issue 917631.
This exploit allows a user to overwrite files with trash, potentially allowing them to disable third-party AV software. It requires an internet connection and may not work on some CPUs.
An attacker can access all data following an un/authorized user login using the parameter 'rowid' in the POST request URL http://localhost/doli/htdocs/admin/dict.php?id=16 with the payload 'AND EXTRACTVALUE(6385,CONCAT(0x5c,0x716b717871,(SELECT (ELT(6385=6385,1))),0x7176787171)) AND '%'='&search_code=94102&token=$2y$10$KhKjYSBlkY24Xl8v.d0ZruN98LAFOAZ5a5dzi4Lxe3g21Gx46deHK'
By default, the database can be downloaded by any user. After decoding the file the database should be unserialize. The DELETE ID is stored in Plain Text, this ID can be use to delete a picture.
This exploit allows an attacker to send a malicious SMS to a receiving phone number from a Huawei E5330 router. The administrator who opens the URL should be authenticated. The exploit uses XMLHttpRequest to send a POST request to the router's API with the receiving phone number and the malicious SMS text. The exploit also sets the date of the SMS to the current date and time.
The application suffers from a stored XSS vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in context of an affected site.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
A buffer overflow vulnerability exists in SpotFTP Password Recover 2.4.2 when a maliciously crafted 'Name' field is entered, which could allow an attacker to cause a denial of service condition.
A buffer overflow vulnerability exists in BlueAuditor 1.7.2.0 when a maliciously crafted 'Key' is entered into the registration code field. An attacker can exploit this vulnerability to cause a denial of service condition. This can be exploited by running a python code to generate a maliciously crafted 'Key' and then entering it into the registration code field.
Services By CQR