This Metasploit module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host.
fc9419af3871336277cafde42125966d876812e4e57c8b48da3a83050219381fBarracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected.
e22e6ec79251f3937a92331fc63981e433da65af4916b07f8c2c7428e6ca9dadMultiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities.
0ba1f45b7a5254a119e2a3aeddf4279392e2e0120fe45790d15563c4eadf7fd2Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote code execution vulnerabilities.
261e0a7af24605abbcb498cca0acda8b6897b40daab2471d8fafde95edc1b848BMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.
499c18c38e8687b39167ce9265f6c4cdf83a764a4642327eea6fa7a0feb38768Fortinet products, including FortiGate and Forticlient, regularly send information to Fortinet servers using XOR "encryption" with a static key. FortiClientWindows versions 6.0.6 and below, and FortiClientMac versions 6.2.1 and below. After this advisory was released, Fortinet has confirmed that only FortiOS version 6.2.0 includes the patch.
8dc47eb79b4cc21fe29d2fa486d30fd36bd9bb27983db8a7c9f4ea84620972f0XMeye P2P Cloud used with Xiongmai IP Cameras, NVRs and DVRs suffer from predictable Cloud IDs, default admin password, and various other issues that can result in remote code execution.
91c7dfdf6aeb957aa46e50283fc95205a17b991e8e99993f7b09e7fd6a521bdbFortiGate SSL VPN Portal versions 5.6.2 and below, 5.4.6 and below, 5.2.12 and below, and 5.0 and below suffer from a cross site scripting vulnerability.
b2d5f1ba485a9729c93cfe8c29db752eb3863fb1cf9c67796c558e28b07dd9e9Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in libmtk_httpd_plugin.so).
1c406ac717264e13cef5f2341197c0e2013b4a9fe6fe7c509442d497b4bb32b7Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.
22e3af92e387283941072a466bbafa59aa472e2642354166a328c50464384720Various Aruba Networks and Alcatel-Lucent products have a private key for a browser-trusted certificate embedded in firmware.
06c335f955be1dbd40f9923d7ef00304736343ab2994d27937a6c171714debbfVarious Ubiquiti Networks products suffer from having hardcoded keys and also having remote management interfaces enabled that can be leveraged by these credentials.
92721278eb65c5e1f8f671b891d965595191b866fed7ef14a87bd372a6353da0NetUSB stack buffer overflow denial of service exploit.
5442a486e9656c62a01cfaf5fcfda32c973d961030d9fd315377e310ff046fccKCodes NetUSB suffers from a kernel stack buffer overflow vulnerability.
23355f32384caa77fd5215fcd1180af3983315488b8385634c6831717e64c2fdMultiple TP-LINK products suffer from a local file disclosure vulnerability.
77dc5766ead42d5a0627853f735788b13644c3d13432f56e13c5ebedd4253fa3Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.
c2294e75032fb839b9cb87eecedc88efda3874129c4fc1fbc3e1c516eb643ca7VDG Security SENSE version 2.3.13 suffers from buffer overflow, authentication bypass, file disclosure, password disclosure, and information leakage vulnerabilities.
ac434a1ed45818872cf0689b9c03f2efbd4c708358bf3dc82697edeb0a4ddbf6This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.
ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183This Metasploit module exploits a default misconfiguration flaw on Symantec Messaging Gateway. The 'support' user has a known default password, which can be used to login to the SSH service, and gain privileged access from remote.
a43d27bd69dd1a7e1c0fff3b8a4a24b14573fc751ae1415faf70bc5354e57f89Symantec Messaging Gateway version 9.5.x suffers from a vendor-supplied backdoor vulnerability. By default the 'support' user is enabled and uses an insecure password. This user is not visible in the web interface and therefore cannot be disabled. As the appliance provides a SSH daemon on all interfaces, this account can be used to gain remote shell access on the device.
d327098479a9098d90ac2ea33a247a5c26c17c8e26b8959dee707097e490d059This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.
3459acb0683358926b929b6818957b6738776254a54447d79a99c502aad973c3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed