This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for CVE-2018-9285.
ffe065bd21f5291ffd2dce01466f14f19a9e8833bf6d4dc92c47a3e0d3858343This Metasploit module exploits a vulnerability within the "ghelp", "help" and "man" URI handlers within Linux Mint's "ubuntu-system-adjustments" package. Invoking any one the URI handlers will call the python script "/usr/local/bin/yelp" with the contents of the supplied URI handler as its argument. The script will then search for the strings "gnome-help" or "ubuntu-help" and if doesn't find either of them it'll then execute os.system("/usr/bin/yelp %s" % args). User interaction is required to exploit this vulnerability. Versions 18.3 through 19.1 are affected.
3f28bb3a6ac2c99bd902cd75cd3f049768c02b4004a667d25b6b743824daf03eMiniUPnPd versions 2.1 and below suffer from an out-of-bounds read vulnerability.
2aaa71d09817976536dfc7a03db1bc67d6ef7fb15b152cb8ac3c8251862a3b07Belkin F9K1122v1 version 1.00.30 suffers from a buffer overflow vulnerability that can be leveraged via cross site request forgery.
75d065576f91d7879f3ec47241fee98b0b9d6638e1769b45e87a8eec5b426904
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed