An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
d390d551f82eb4acadb2846114226e2c7365ef75aec7f1a6558793c6fdbee529An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
7f0b91e87a564d26d824adbb7dffa763b108cfaa164e0f92e162509c11ca3762An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0bfeae904f970d08dabdaa8a014eee4efca75639721f7dd9c6b4b2fd1e02c43fAn exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.
b6b5e7d97f80e9991783d37c820d5a565fa0b7b7199695cec240963831c1d23cAn exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.
f3e9e439a12b70a96bfeb02d461beccb29bf0fda4eae49519ccb97a1479c0998An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A HTTP request can result in disclosure of the default configuration for the device. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.
b6ca60016ded995d485b909bbcdce5ced8b2dd7b352b4901d928b5e885d79c1bAn exploitable cross-site request forgery vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being requested through an authenticated user. An attacker can get an authenticated user to request authenticated pages on the attacker's behalf to trigger this vulnerability.
7446e3c936f9c136b678adfb1f9ae27d1dee0b2057e87e5de249142841de43f3A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in a hard-coded, in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability.
5464014b705bff7982ea1c8756b42d94e9b409b6553334a62b4218d81a0b8357An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
94904005a117eb6fda194315d152fd94ea44aa87006ebcb29834bdb9395935ceAn exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.
843062931f3d85ff42aac061fbc4007b19a65b2deb3e53ce1c161532a0586172An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.
03dc48edf642f79b31afeae22c3d7656aa0c1b7af7fa4437850772c1cd927437An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.
af5b23fa20f418a3ae4846c607a1b417e1e10c46d2de2f3be018020bcadeb4d2Apple Intel HD 3000 graphics driver version 10.0.0 suffers from a local privilege escalation vulnerability.
3e5d2696bc6839ebf47fb06c0e42e065d3ee82398e3dd4e1241db80224bc448f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed