This modem's web application suffers from cross-site request forgery, through which an attacker can manipulate user data by sending the user a maliciously crafted URL. The modem's application does not use any security token to protect against CSRF. You can manipulate any user data. PoC and exploit to change the user password:
PhpMyRing <= 4.1.3b is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file through the 'fichier' parameter in the 'leslangues.php' script. This can be exploited to execute arbitrary code on the affected server.
An attacker can exploit this vulnerability by injecting a simple PHP script. The vulnerability exists in the class.Quick_Config_Browser.php file of the Cadre application, where an include_once function is called with an unsanitized input parameter.
An unprivileged authenticated user can download arbitrary files with the permissions of the web server using the report download functionality. By generating a report, the user's browser will make a request to /servlet/downloadReport?reportFileName=blah. The user can put in a relative directory traversal attack and download /etc/passwd. An unprivileged authenticated user can initiate a SQL injection attack by creating an audit report and controlling the username specified in the audit report.
This exploit takes advantage of a remote file inclusion vulnerability in Hailboards v1.2.0. By including a malicious file through the 'phpbb_root_path' parameter, an attacker can execute arbitrary code on the target system. The exploit code is provided in the given link.
The process memory region starts with a null byte, but exploitation is still possible because of the little-endian architecture, provided that the return address gets placed at the end of the buffer; this, however, confines us to the tiny 4-byte area after pop/pop/retn. Using a couple of trampolines, I jumped back to the beginning of the buffer, which is 533 bytes, enough to fit a calc payload.
ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths. Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.
This exploit allows an attacker to include a remote file through the phpbb_root_path parameter of the target script. This can lead to remote code execution.
PHP is prone to 'safe_mode_exec_dir' and 'open_basedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to execute arbitrary code.
This exploit allows an attacker to perform a remote SQL injection attack on ExoPHPDesk version 1.2.1 through the faq.php file. By manipulating the 'id' parameter in the URL, an attacker can execute arbitrary SQL queries and potentially gain unauthorized access to the database.