Explore Vulnerabilities

Explore all Exploits:

Kirby CMS 2.5.12 – Cross-Site Request Forgery (Delete Page)

The application allows malicious HTTP requests to be sent in order to trick a user into adding/deleting web pages. A crafted HTTP page with the delete/add option can be hosted on a server; when the link is sent to a user and clicked, the request is triggered and the page is added/deleted.

Trivum Multiroom Setup Tool 8.76 – Cross-Site Request Forgery (Admin Bypass)

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using a GET request to the endpoint "?id=0&attr=protectAccess&newValue=0" (a successful attack allows attackers to log in without authorization).

GetGo Download Manager 6.2.1.3200 – Buffer Overflow (Denial of Service)

The downloader feature of GetGo Download Manager is vulnerable to a buffer overflow which can cause a denial of service. To test the proof of concept, run it on your machine and let the GetGo application download 'index.html' from your given IP.

SEH details (Windows 7 x86):
SEH chain of thread 00000644, item 1
Address=0863E2C8
SE handler=68463967 <-> 4108 offset
SEH chain of thread 00000644, item 2
Address=46386746 <-> 4104 offset
SE handler=*** CORRUPT ENTRY ***

D-Link DAP-1360 File Path Traversal and Cross-Site Scripting [reflected] can lead to Authentication Bypass easily.

After successfully connecting to a D-Link DIR-600 router (firmware version 2.01), any user can bypass the router's root password as well as the admin panel. D-Link DAP-1360 devices with v6.x firmware allow remote attackers to read passwords via an errorpage parameter, which leads to an absolute path traversal attack. It is more dangerous when your router has a public IP with remote login enabled.

Microsoft dnslint.exe Forced Drive-by Download

The tool doesn't verify domain names when parsing DNS text files using the "/ql" switch, making it prone to forced drive-by downloads, provided an end user is tricked into using a server text file containing a script/binary reference instead of a normally expected domain name. This potentially allows forced downloading of a remote executable to the end user's host when the report is viewed in a web browser.

Tenda Wireless N150 Router 5.07.50 – Cross-Site Request Forgery (Reboot Router)

The router is vulnerable to a cross-site request forgery attack. If an administrator is currently logged in and visits a remote webpage containing forms existing in the router's firmware, a request can be forged to modify existing settings or even set the router to its default state. These are two examples that can work in the proof of concept:

/goform/SysToolReboot - Reboot the router
/goform/SysToolRestoreSet - Set the router to default settings

Synology DiskStation Manager 4.1 – Directory Traversal

Synology DiskStation Manager 4.1 is vulnerable to a directory traversal attack which allows an attacker to read arbitrary files on the system. This can be exploited by sending a specially crafted HTTP request containing an absolute path to the vulnerable script uistrings.cgi. An attacker can read arbitrary files on the system such as /etc/synoinfo.conf.

Kirby CMS 2.5.12 – Cross-Site Scripting

The application allows a user-injected payload, which can lead to stored cross-site scripting. Proof of concept: visit the application as a low-privileged user, go to the add page option, and under title enter any XSS payload like: <script>alert("XSS");</script> Once the payload is injected, the subsequent page is triggered with the XSS payload.

GeoVision GV-SNVR0811 Directory Traversal

A directory traversal vulnerability exists in GeoVision GV-SNVR0811, which allows an attacker to read arbitrary files on the system. This is achieved by sending a specially crafted GET request containing directory traversal sequences such as '../../../../../../../../../../../../etc/passwd' to the target.

Recent Exploits: