The Huawei EchoLife HG520 is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
The vulnerability allows attackers to access source code by exploiting the lack of proper sanitization of user-supplied input in Apache ActiveMQ. By exploiting this vulnerability, an attacker can retrieve arbitrary files from the vulnerable computer in the context of the webserver process, potentially aiding in further attacks.
This module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection.
This module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.
This exploit targets a use-after-free vulnerability in Internet Explorer. It causes a crash when accessing a freed CInput element in the DoReset function of the mshtml module. The vulnerability allows an attacker to execute arbitrary code on a target system.
This exploit takes advantage of a symlink vulnerability in Virex to escalate privileges and gain root access on the target system. By creating a symlink to the root crontab file, the attacker can execute arbitrary commands with root privileges. The exploit also sets up a backdoor for future access and drops a root crontab dropper.
DBSite wb CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Viennabux Beta! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An authenticated attacker can exploit this issue by sending specially crafted ticket-renewal requests to a vulnerable computer. Successfully exploiting this issue can allow the attacker to execute arbitrary code with superuser privileges, completely compromising the affected computer. Failed exploit attempts will result in a denial-of-service condition.
The Two-Step External Link module for vBulletin is vulnerable to a cross-site scripting (XSS) attack. This vulnerability occurs due to the application's failure to properly sanitize user-supplied input. An attacker can exploit this vulnerability by injecting arbitrary script code into the 'url' parameter of the 'externalredirect.php' script. When an unsuspecting user visits the affected site and clicks on the malicious link, the injected script code will execute in their browser, allowing the attacker to steal their cookie-based authentication credentials and potentially launch further attacks.
Services By CQR