This Metasploit module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host.
fc9419af3871336277cafde42125966d876812e4e57c8b48da3a83050219381f
Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected.
e22e6ec79251f3937a92331fc63981e433da65af4916b07f8c2c7428e6ca9dad
Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.
0ba1f45b7a5254a119e2a3aeddf4279392e2e0120fe45790d15563c4eadf7fd2
Multiple Schneider Electric EVlink Charging Stations suffer from authentication bypass and remote code execution vulnerabilities.
261e0a7af24605abbcb498cca0acda8b6897b40daab2471d8fafde95edc1b848
BMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.
499c18c38e8687b39167ce9265f6c4cdf83a764a4642327eea6fa7a0feb38768
Fortinet products, including FortiGate and FortiClient, regularly send information to Fortinet servers using XOR "encryption" with a static key. FortiClientWindows versions 6.0.6 and below, and FortiClientMac versions 6.2.1 and below are affected. After this advisory was released, Fortinet confirmed that only FortiOS version 6.2.0 includes the patch.
8dc47eb79b4cc21fe29d2fa486d30fd36bd9bb27983db8a7c9f4ea84620972f0
XMeye P2P Cloud, used with Xiongmai IP cameras, NVRs and DVRs, suffers from predictable Cloud IDs, a default admin password, and various other issues that can result in remote code execution.
91c7dfdf6aeb957aa46e50283fc95205a17b991e8e99993f7b09e7fd6a521bdb
FortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability.
b2d5f1ba485a9729c93cfe8c29db752eb3863fb1cf9c67796c558e28b07dd9e9
Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).
1c406ac717264e13cef5f2341197c0e2013b4a9fe6fe7c509442d497b4bb32b7
Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects on the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.
22e3af92e387283941072a466bbafa59aa472e2642354166a328c50464384720
Various Aruba Networks and Alcatel-Lucent products have a private key for a browser-trusted certificate embedded in firmware.
06c335f955be1dbd40f9923d7ef00304736343ab2994d27937a6c171714debbf
Various Ubiquiti Networks products have hardcoded keys and also have remote management interfaces enabled that can be leveraged using these credentials.
92721278eb65c5e1f8f671b891d965595191b866fed7ef14a87bd372a6353da0
NetUSB stack buffer overflow denial of service exploit.
5442a486e9656c62a01cfaf5fcfda32c973d961030d9fd315377e310ff046fcc
KCodes NetUSB suffers from a kernel stack buffer overflow vulnerability.
23355f32384caa77fd5215fcd1180af3983315488b8385634c6831717e64c2fd
Multiple TP-LINK products suffer from a local file disclosure vulnerability.
77dc5766ead42d5a0627853f735788b13644c3d13432f56e13c5ebedd4253fa3
Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.
c2294e75032fb839b9cb87eecedc88efda3874129c4fc1fbc3e1c516eb643ca7
VDG Security SENSE version 2.3.13 suffers from buffer overflow, authentication bypass, file disclosure, password disclosure, and information leakage vulnerabilities.
ac434a1ed45818872cf0689b9c03f2efbd4c708358bf3dc82697edeb0a4ddbf6
This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. By supplying a specially crafted XXE request, an attacker can reach components affected by SQL injection. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.
ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183
This Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to log in to the SSH service and gain privileged access remotely.
a43d27bd69dd1a7e1c0fff3b8a4a24b14573fc751ae1415faf70bc5354e57f89
Symantec Messaging Gateway version 9.5.x suffers from a vendor-supplied backdoor vulnerability. By default the 'support' user is enabled and uses an insecure password. This user is not visible in the web interface and therefore cannot be disabled. As the appliance provides an SSH daemon on all interfaces, this account can be used to gain remote shell access on the device.
d327098479a9098d90ac2ea33a247a5c26c17c8e26b8959dee707097e490d059
This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.
3459acb0683358926b929b6818957b6738776254a54447d79a99c502aad973c3