Verizon's 4G LTE Network Extender uses a weak default admin password generation algorithm. The password is generated using the last 4 values from the device's MAC address, which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string 'LTEFemto', resulting in something like 'LTEFemtoD080' as the default Admin password.
This exploit allows an attacker to upload arbitrary files to the target system using the vulnerable Scriptcase 9.7 software. By exploiting this vulnerability, an attacker can potentially upload a malicious PHP file and achieve remote code execution.
This exploit targets the DirectSpeechSynthesis Module (XVoice.dll) version 4.0.4.3303. It allows for remote execution of arbitrary code by exploiting a buffer overflow vulnerability. The exploit is designed specifically for Internet Explorer 7 on Windows XP SP2 and utilizes a heap spray technique.
The Microsoft Exchange Active Directory Topology service in version 15.0.847.40 has an unquoted service path vulnerability. An attacker with local access to the system can exploit this vulnerability to escalate privileges and execute arbitrary code.
The Microsoft Exchange Mailbox Assistants service (MSExchangeMailboxAssistants) in version 15.0.847.40 has an unquoted service path vulnerability, which allows an attacker to potentially escalate privileges on the system.
The Franklin Fueling Systems Colibri Controller Module version 1.8.19.8580 has a local file inclusion (LFI) vulnerability. An attacker can exploit this vulnerability to read arbitrary files on the target system.
Opmon version 9.11 is vulnerable to cross-site scripting (XSS) attacks. An attacker can inject malicious script code into certain input fields, which will be executed by the victim's browser. This can lead to session hijacking, cookie theft, or other malicious activities.
Unquoted service path vulnerability in Sherpa Connector Service v2020.2.20328.2050 allows an attacker to escalate privileges by placing a malicious executable in the path of the service.
This plugin creates an avatar_uploader from any post type. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.