The vulnerable method exposes 'scriptFunction' as 'this' when getting the 'length' property. The provided proof-of-concept code uses the __defineGetter__() method to set the 'length' property of the function to a variable, which is then used to call the 'scriptFunction' with arbitrary parameters, leading to type confusion.
Chakra, the JavaScript engine used in Microsoft Edge, is vulnerable to an integer overflow in the JIT optimization process. The vulnerability occurs when an integer overflow repeatedly occurs in the JITed code, or when it is known at compile time that a value doesn't fit in an int. In such cases, Chakra considers the value to be a float, which can lead to an integer overflow. This can be exploited to cause a denial of service or potentially execute arbitrary code.
The Master IP CAM 01 suffers from multiple vulnerabilities. It is possible to access telnet with the hardcoded credential root:cat1029. Download: http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi. Upload form: <form name="form6" method="post" enctype="multipart/form-data" action="cgi-bin/hi3510/restore.cgi" > <input type="file" name="setting_file" > <input type="submit" value="restore" > </form>. Change configuration: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080. A list of available commands is here: http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf. Retrieve sensitive information: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser.
The vulnerability is in the key parameter of phpprint.php. The $key variable is not encoded, which allows for easy XSS exploitation. The proof of concept is http://vulnerable/index.php?action=Login&module=Users&print=a&"/><script>alert('xss')</script>
The Belkin N600DB Wireless Router is vulnerable to multiple security issues, including wireless fingerprinting, web fingerprinting (with locked web interface), disclosure of wifi password, closed 'HTTPD server' port, web backdoor, and server-side request forgery (HTTP/FTP).
The vulnerability exists in the web interface of various D-Link routers, which are susceptible to unauthorized DNS changes. The problem occurs when entering an invalid or wrong user and password. Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying systems' DNS settings allows cybercriminals to perform malicious activities like steering unknowing users to bad sites, replacing ads on legitimate sites, controlling and redirecting network traffic, and pushing additional malware.
With support for automatic thumbnails & image resizing in over 200 image formats, robust privacy options, a secure image manager, external storage, a feature-rich admin area and free migration scripts, Reservo really does tick every box. Reservo Image Hosting is vulnerable to XSS attacks. The affected function is its search engine. Since there is a user/admin login interface, it's possible for attackers to steal the sessions of users and thus of admin(s). When users are sent an infected URL, the code will be executed.
Testing for malicious files verifies that the application/system is able to correctly protect against attackers uploading malicious files. Vulnerabilities related to the uploading of malicious files are unique in that these "malicious" files can easily be rejected by including business logic that scans files during the upload process and rejects those perceived as malicious. Additionally, this is different from uploading unexpected files in that, while the file type may be accepted, the file may still be malicious to the system.
The Transmission BitTorrent Client uses a client/server architecture: the user interface is the client, and a daemon runs in the background managing the downloading, seeding, etc. Clients interact with the daemon using JSON RPC requests to a web server listening on port 9091. By default, the daemon will only accept requests from localhost. However, an attack called 'DNS rebinding' can be used to bypass this restriction. This attack works by a user visiting a malicious website, which has an iframe to a domain that the attacker controls. The attacker's DNS server responds alternately with 127.0.0.1 and an address they control, with a very low TTL. When the browser resolves to the address they control, they serve HTML that waits for the DNS entry to expire, then issues an XMLHttpRequest to the domain they control, with permission to read and set headers.
Seagate Media Server uses the Django web framework and is mapped to the .psp extension. Any URL that ends with .psp is automatically sent to the Seagate Media Server application using the FastCGI protocol. Two views were found to be affected by unauthenticated command injection. The affected views are uploadTelemetry and getLogs. These views take user input from GET parameters and pass it unvalidated/unsanitized to methods of the commands Python module. This allows an attacker to inject arbitrary system commands, which will be executed with root privileges.