Netgear Genie version 2.4.32 suffers from an unquoted service path elevation of privilege vulnerability.
50950656a43a0ae649cdae18ee2a93d5The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerability.
296355d38705b5b2409004259a8e5624TECO SG2 FBD Client version 3.51 suffers from a vulnerability that is caused due to a boundary error in the processing of a Genie FBD, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .GFB file. Successful exploitation could allow execution of arbitrary code on the affected machine.
d772b6472e6c5d4a3e78bb6433f943cfTECO SG2 LAD Client version 3.51 suffers from a vulnerability that is caused due to a boundary error in the processing of a Genie LAD file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .GEN file. Successful exploitation could allow execution of arbitrary code on the affected machine.
01d277394c107d022120c826b3a4db2dA number of NetGear WNDR devices contain an embedded SOAP service that is seemingly for use with the NetGear Genie application. As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query. Proof of concept included.
acdcd8c02eb08d5615892f7f65d8742eScripts Genie Pet Rate Pro version 4.9.9 suffers from remote SQL injection and code injection vulnerabilities.
2911f27832ad3b4194fc41baf37f4dd9Scripts Genie Top Sites script suffers from a remote SQL injection vulnerability.
908964c36cc78f29bf8fae9612695f6aScripts Genie Domain Trader script suffers from a remote SQL injection vulnerability.
56a9cb925da637288b46b2eb0429e4d6Scripts Genie Games Site script suffers from a remote SQL injection vulnerability.
5eda65a67721bd51bff6351e3f04248aScripts Genie Gallery Personals script suffers from a remote SQL injection vulnerability.
3439f913c4c88e858e21f08081a76014Classified Ultra ScriptsGenie suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
cfb2027fa52dd140a92e0db292a19a8bSecunia Security Advisory - Russ McRee has discovered some vulnerabilities in The Bug Genie, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.
77068997cdc52a063ffa348d7090d8e3Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.7. Archive password is set to p4ssw0rd. Use at your own risk.
80244cb8622b0c8053f7467374817e80Secunia Security Advisory - Kacper has discovered a vulnerability in phpCodeGenie, which can be exploited by malicious people to compromise a vulnerable system.
668494b1af7b1656d96a7e6e9fe10fdfGenie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.5.1 Archive password is set to p4ssw0rd. Use at your own risk.
f1f075240de9fa0a88f2854081500349Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.4 Archive password is set to p4ssw0rd. Use at your own risk.
70a427b3c98cd115acab4ff1e36f6339Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.3 Archive password is set to p4ssw0rd. Use at your own risk.
b9e8a14cd06aa8e40168f9a75d93ac24Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Archive password is set to p4ssw0rd. Use at your own risk.
6fa7fe6aa04d114dc141d0f34b56d1abSecunia Security Advisory - A vulnerability has been reported in phpCodeGenie, which can be exploited by malicious people to compromise a vulnerable system.
31af6fa5b4bffbb91cb605d12fbd17a4
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed