The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and change administratorβs password or execute arbitrary system commands on vulnerable system with privileges of the webserver.
A remote attacker can exploit this vulnerability by sending a specially crafted packet to the vulnerable application. The packet contains a malicious payload that will overwrite the stack buffer and execute arbitrary code. The attacker can then gain full control of the vulnerable system.
This proof of concept demonstrates that the admin password can be changed by an attacker in a CSRF attack. However, it seems like any setting in the device can be manipulated using an attack like this. The device does not ask for the current password.
The Finger Server is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking, it is possible for remote unauthenticated users to execute shell commands on the server which will run with the privileges of the webserver. A request like: http://target/finger.cgi?action=archives&cmd=specific&filename=99.10.28.15.23.username.|<shell command>| will cause the server to execute whatever command is specified.
A vulnerability exists in the 'Pointter PHP Micro-Blogging Social Network' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.
A vulnerability exists in the 'Pointter PHP Content Management System' authentication system which allows for administrative privileges by crafting two specific cookies with arbitrary values.
A vulnerability exists in the 'Orbis CMS' fileman_file_upload.php script that allows any authenticated user to upload a PHP script and then run it without restriction.
A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELECT' to easily expose the application administrator's plaintext password.
A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling portions of SQL code between the affected parameters, successful SQL injection into the software can occur. In the testing done, various 'UNION SELECT' SQL injections can occur.
This module exploits a buffer overflow in Rhinosoft Serv-U 9.0.0.5. Sending a specially crafted POST request with an overly long session cookie string, an attacker may be able to execute arbitrary code.
Services By CQR