There is an authentication bypass vulnerability in page=CD35_SETUP_01 that allows you to set a new password even if the password was previously set. By setting a new password with more than 512 characters, the password gets reset, and the next time you access the router you will be prompted for a new password.
Processing an IP packet with an option size (2nd byte after the option) of 39 causes a crash due to an off-by-one error. The maximum available size for the whole IP options field is 40, and two bytes are already used. Checks are done to validate that the option size field is less than 40, but a value of 39 is not checked properly. This vulnerability does not affect all options and is dependent on the underlying protocol.
This is a proof of concept for a remote stack buffer overflow vulnerability in Embedthis Appweb. The vulnerability occurs when processing debugging information in the application. By sending a specially crafted request, an attacker can overflow the stack and potentially execute arbitrary code. This vulnerability has been identified in the ASM instructions provided.
This exploit is a universal buffer overflow in MediaCoder version 0.7.1.4490. It is triggered by opening a specially crafted .lst or .m3u file. The exploit overflows the SEH (Structured Exception Handler) and allows arbitrary code execution.
The Papoo CMS allows authenticated users to upload GIF, JPG and PNG images if they have the "upload images" privilege, which is true for all default groups that can access the administrative interface. The CMS checks the uploaded images only for their header, but not for the file extension. It is therefore possible to upload images with the file extension ".php" and a valid image header. By embedding PHP code into the image (e.g. by using the GIF comments field), arbitrary code can be executed when requesting the image.
The SUMUS server contains a remotely exploitable buffer overflow in the httpd portion of its server code. The overflow occurs in a while() byte-by-byte write loop, and the integers used in the loop get overwritten before reaching the EIP/return address.
This exploit allows an attacker to cause a Denial of Service (DoS) on the MyServer 0.4.3 application. By sending a specially crafted request, the server will become unresponsive and stop serving legitimate requests.
This exploit targets a vulnerability in the com_pms component of Joomla versions <= 1.0.15. The vulnerability allows an attacker to perform SQL injection attacks. The exploit requires a valid account on the target Joomla site with Community Builder Suite 1.1.0 installed. The attacker needs to copy the cookie information of a logged-in user and modify the User-Agent header of the POST request to match the browser used to log in. The exploit can be executed by running the provided script. If successful, the attacker can access the ignore list of the target site and view usernames and passwords.
This is a proof-of-concept exploit for the MS05-016 vulnerability. The exploit is designed to create a .hta file which, when executed, runs a command to open Notepad.exe and then closes the window. It uses a specific pattern of characters to create a file named SAVE.DDD. The exploit code is written in C.
BitComet 0.57 discloses proxy passwords to local users.