A session vulnerability has been discovered in the official ZTE Corporation ZXV10 W300 v3.1.0c_DR0 modem hardware. The security vulnerability allows remote attackers to block/shutedown or delete network settings and components. Attackers can request via GET method the /Forms/home_lan_1 path and the modem will delete all the LAN configurations automatically.
The Garennes version 0.6.1 is vulnerable to Remote File Include. This vulnerability allows an attacker to include remote files by exploiting the 'repertoire_config' parameter in various PHP files. The attacker can specify a malicious file as the value of the 'repertoire_config' parameter, leading to arbitrary code execution.
This exploit allows an attacker to perform SQL Injection on Frogss CMS version 0.7 or below. The attacker can execute arbitrary SQL queries and potentially gain unauthorized access to the database.
Attackers can steal cookie-based authentication credentials, execute arbitrary script code in the browser, and retrieve arbitrary files from the affected system. This can lead to the disclosure of sensitive information and other possible attacks.
The Mosh application is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue by sending specific input to the affected application, causing it to crash or enter an endless loop. This denial-of-service attack can result in a denial of service for legitimate users of the application.
This exploit targets a vulnerability in ProFTPD version 1.3.0 and 1.3.0a. The vulnerability is present in the mod_ctrls module and can be exploited locally. By exploiting this vulnerability, an attacker can execute arbitrary code with elevated privileges. The exploit uses the exec-shield technique to bypass security measures.
This exploit targets a format string bug in the OpenFTPD software. The exploit allows for remote code execution by hijacking the jumpslot for fclose() and using the retaddr from argv[3] to execute arbitrary code. The shellcode is passed through the 'site msg' command, specifically the 'site msg read X' command, where X is the shellcode. This exploit has been tested on the most current version of OpenFTPD.
When doing the ssh dh group exchange old style, if the server sends a malformed dh group exchange reply, it can lead the putty to crash.
The QDBlog v0.4 application is vulnerable to SQL Injection and Local File Inclusion attacks. The SQL Injection vulnerability allows an attacker to bypass the admin access authentication and gain unauthorized access to the administration panel. The Local File Inclusion vulnerability allows an attacker to include arbitrary local files, potentially leading to remote code execution or information disclosure.
SFTP module for FileZilla, based on Putty's PSFTP component, is vulnerable to a denial of service attack. When performing the SSH DH group exchange old style, if the server sends a malformed DH group exchange reply, it can cause the FileZilla component to crash.