Due to inproper input validation, all NetAccess devices with a firmware version less than 4.1.9.6 are vulnerable to an arbitrary file disclosure vulnerability. This vulnerability allows an unauthenticated remote attacker to abuse the web interface and read any file on the remote system. Due to the fact that important system files are world-readable, this does include /etc/shadow and thus leads to a full compromise of the device! In addition, an attacker is able to gain access to the proprietary code base of the device and potentially identify as well as exploit other (yet unknown) vulnerabilities.
This exploit targets the in.telnetd service in SunOS 5.10 and 5.11. It allows an attacker to execute arbitrary code remotely by sending a specially crafted payload. The exploit was developed by Kingcope in 2007.
Variables "oi_dir" in index.php are not properly sanitized. An attacker can exploit this vulnerability with a simple php injection script.
Sending a very long username in a Winpopup message can crash an NT box (possibly W95 too). This can be achieved easily from UNIX with 'smbclient -U LOTSandLOTSofcrap -M host'.
The vulnerability is present in the last URI segment of the GET request. An attacker can inject SQL code into the URI to manipulate the database and retrieve sensitive information.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
This exploit targets LushiNews version 1.01 and allows for remote SQL injection.
This exploit targets the LightRO CMS 1.0 (index.php projectid) and allows for remote SQL injection. The exploit file name is exploit2.asp. The exploit also includes features to get the header and whois info.
The Sagem Fast 3304-V2 router is vulnerable to an authentication bypass bug which allows unprivileged users to modify the preconfigured root password then log in with administrator permissions. The vulnerability can be exploited by running javascript code in the web browser bar. The default URL to access the web management interface is http://192.168.1.1 but this attack can also be performed by an external attacker who connects to the router's public IP address.
This exploit allows an attacker to include remote files in the vulnerable application. The vulnerability exists in the 'menu.php' file of Site-Assistant version v0990. By manipulating the 'paths[version]' parameter, an attacker can include arbitrary files from a remote server, potentially leading to remote code execution.
Services By CQR