This module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
The WebKalk2 version 1.9.0 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by manipulating the 'absolute_path' parameter in the 'engine.inc.php' file, allowing them to include arbitrary files from a remote server.
Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested successfully on a Trendnet TEW-731BR router with emulation.
This exploit allows an attacker to include a remote file in the vulnerable application's code, potentially leading to remote code execution.
This vulnerability allows an attacker to hijack a valid session that is in progress by a legitimate user. Due to the predictable session generation and due to the lack of cookie based authentication in the web interface, it was confirmed that an attacker from a different source IP address can issue valid requests, impersonating the authenticated user. The attack complexity is very low, no special software is required. It was noted that valid sessions do time out after a certain period of inactivity, however hijacked sessions can elongate the session validity. The impact of this vulnerability is that the attacker can bypass intended access restrictions and impersonate currently active users, including administrators. Successful exploitation will result in complete loss of control over the device, and may depend on the compromised user context.
Sending a 'POST /%' request to the webserver will cause an abnormal termination of the program, requiring a reboot of the webserver.
The com_mosmedia component for Mambo and Joomla allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter in (1) media.tab.php or (2) media.divs.php. This vulnerability can be exploited by an attacker to execute arbitrary code on the target system.
Any authenticated or non-authenticated user can perform a stored XSS attack simply by exploiting wp_ajax_nopriv_check_stat action. Plugin uses a widget to display website's visits, so any page that contains this widget will also load the malicious JS code.
The vulnerability allows an attacker to include a remote file from a vulnerable website, which can lead to arbitrary code execution.
The Mambo/Joomla Module Weather is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file using the 'absolute_path' parameter in the 'mod_weather.php' script. This can lead to arbitrary code execution or disclosure of sensitive information.
Services By CQR