Explore all Exploits:

MacPaw Encrypto 1.0.1 – ‘Encrypto Service’ Unquoted Service Path

MacPaw Encrypto version 1.0.1 registers the 'Encrypto Service' with an unquoted service path that contains spaces. When the Service Control Manager starts the service, Windows cannot tell where the executable name ends, so it tries each space-delimited prefix of the path with '.exe' appended before trying the full path (for a path of the form C:\Program Files\Vendor\Service Name.exe it first looks for C:\Program.exe, then C:\Program Files\Vendor\Service.exe). A local attacker who can write to one of those intermediate locations can plant an executable there, and it will run with the privileges of the service account the next time the service starts or the machine reboots. This is a local privilege escalation; it does not by itself give remote code execution.

WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 – Path Traversal

The plugin's jQuery File Tree endpoint builds the directory it lists from the user-supplied 'dir' parameter without confining the result to the intended directory. By sending a request whose 'dir' value contains traversal sequences such as '../', an attacker can reach locations outside that directory and access sensitive files on the server.

SAPSetup Automatic Workstation Update Service 750 – ‘NWSAPAutoWorkstationUpdateSvc’ Unquoted Service Path

The 'NWSAPAutoWorkstationUpdateSvc' service is registered with an unquoted path containing spaces. To exploit it, a local user must be able to write an executable to one of the intermediate locations implied by that path (for example a location under the system root) without the OS or endpoint security software blocking it; the planted file is then executed when the service starts at application startup or reboot. If successful, the local user's code runs with the elevated privileges of the service.

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Config Download (Unauthenticated)

The KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows its configuration to be downloaded without authentication. An attacker who can reach the device's web interface can retrieve the configuration file without credentials, potentially exposing the sensitive information it contains.

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 – Factory Reset (Unauthenticated)

The KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 exposes a factory reset function that requires no authentication. An attacker who can reach the device can wipe its configuration and return it to factory default settings, disrupting service and potentially gaining unauthorized access to the device and its services once defaults are restored.

SOYAL Biometric Access Control System 5.0 – Master Code Disclosure

The controller transmits sensitive information in cleartext. An attacker positioned on the network path can intercept the HTTP traffic in a man-in-the-middle attack and recover the Master code and the Arming code, then use them to enter the controller's Programming mode and bypass the physical security controls it enforces.

Eclipse Mosquitto MQTT broker 2.0.9 – ‘mosquitto’ Unquoted Service Path

Eclipse Mosquitto MQTT broker version 2.0.9 registers its 'mosquitto' Windows service with an unquoted service path containing spaces. The attacker does not alter the path itself: a local user who can write to one of the intermediate locations Windows probes while resolving the ambiguous path drops an executable there, and it runs with the service's privileges the next time the service starts, yielding elevated privileges.
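The three unquoted-service-path entries above (Encrypto, SAPSetup and Mosquitto) share one mechanism, so here is a single added example (not code from Exploit-DB or from any of the affected vendors) that reproduces the probe order Windows uses and, on a Windows host, scans the registry for services whose ImagePath is ambiguous. The ImagePath strings in the sample are constructed for illustration and are not the vendors' actual install paths; `hijack_candidates` and `enumerate_unquoted_services` are names chosen here.

```python
"""Work out which files Windows would try to run for an unquoted service path.

Added example (not code from Exploit-DB or from MacPaw, SAP or Eclipse).
The ImagePath strings below are constructed for illustration; they are not
the real install paths of Encrypto, SAPSetup or Mosquitto.
"""
import sys
from typing import Dict, List


def hijack_candidates(image_path: str) -> List[str]:
    """Return, in probe order, the executables CreateProcess would try for an
    unquoted ImagePath containing spaces.

    Windows cannot tell where the executable name ends and the arguments
    begin, so it tries each space-delimited prefix with ".exe" appended
    before the full path. An empty list means the path is quoted and there
    is no ambiguity to exploit.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    # Everything after the first ".exe" is arguments; only the executable
    # portion is subject to the ambiguity.
    exe_end = path.lower().find(".exe")
    if exe_end != -1:
        path = path[: exe_end + 4]
    parts = path.split(" ")
    candidates = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    candidates.append(path)
    return candidates


def is_hijackable_path(image_path: str) -> bool:
    """True when the executable portion is unquoted and contains a space,
    i.e. at least one attacker-influenceable candidate precedes the real exe."""
    return len(hijack_candidates(image_path)) > 1


def enumerate_unquoted_services() -> Dict[str, List[str]]:
    """On Windows, scan HKLM\\SYSTEM\\CurrentControlSet\\Services and map each
    service with an ambiguous ImagePath to the locations an attacker could
    plant a file in. Returns an empty dict on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only standard-library module

    findings: Dict[str, List[str]] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Services") as services:
        subkey_count = winreg.QueryInfoKey(services)[0]
        for i in range(subkey_count):
            name = winreg.EnumKey(services, i)
            try:
                with winreg.OpenKey(services, name) as svc:
                    image_path, _ = winreg.QueryValueEx(svc, "ImagePath")
            except OSError:
                continue  # no ImagePath (e.g. a driver group) or access denied
            if isinstance(image_path, str) and is_hijackable_path(image_path):
                findings[name] = hijack_candidates(image_path)[:-1]
    return findings


if __name__ == "__main__":
    sample = r"C:\Program Files\MacPaw\Encrypto Service.exe"  # constructed path
    print("Probe order for", sample)
    for candidate in hijack_candidates(sample):
        print("  ", candidate)
    for svc, plantable in enumerate_unquoted_services().items():
        print(f"{svc}: attacker-writable candidates to check: {plantable}")
```

The last entry returned by `hijack_candidates` is always the legitimate executable; every earlier entry is a location where a file would be picked up first, so the defensive follow-up is to check the ACL of each of those directories (and of `C:\`, which non-administrators can often create files in) and to quote the ImagePath.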

LiveZilla Server 8.0.1.0 – ‘Accept-Language’ Reflected XSS

LiveZilla Server 8.0.1.0 reflects the value of the 'Accept-Language' request header into the response without adequate output encoding. A crafted header value can therefore inject HTML or JavaScript that executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, or other attacks. Because a web page cannot set another user's Accept-Language header, exploiting this reflected XSS against a victim typically requires an intermediary that can modify the victim's request or some other means of controlling the header.

FastStone Image Viewer 7.5 – .cur BITMAPINFOHEADER ‘BitCount’ Stack Based Buffer Overflow (ASLR & DEP Bypass)

FastStone Image Viewer version 7.5 contains a stack-based buffer overflow triggered by a crafted 'BitCount' value in the BITMAPINFOHEADER of a .cur (cursor) file. Opening a malicious file overflows a stack buffer, and the published exploit turns this into code execution while bypassing ASLR and DEP.

VestaCP 0.9.8 – File Upload CSRF

I found that the checks performed by the upload functionality are insufficient: the upload functionality is vulnerable to CSRF, and in addition it allows uploading files and creating folders under "/tmp" and under the home folder (usually "/home/admin"); the latter is the one that is important for this exploit to work. I was able to use this to create a ".ssh" folder in the admin home and upload an "authorized_keys" file, which allowed me to access the server later as "admin" using SSH. Since this relies on a CSRF, the admin has to visit a link. Please note that sshd is already installed by VestaCP when using the default installation script, so there is no need to install it. Also please note that files can be replaced, so even if the admin has already added an "authorized_keys" file, it will be replaced with the attacker's file. Affected endpoint: "/upload/index.php", i.e. "/upload/index.php?dir=/home/admin/.ssh/"
