Archive for October, 2016

NVIDIA 0x7000014 Missing Bounds Check / Buffer Overflow

Posted by deepcore under exploit

There is a missing bounds check in the inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow.

NVIDIA 0x10000e9 Missing Bounds Check / Buffer Overflow

Posted by deepcore under exploit

The escape handler for 0x10000e9 lacks bounds checks and passes a user-specified size as the size argument to memcpy, resulting in a stack buffer overflow.

PHP Support Tickets 1.3 Local File Inclusion

Posted by deepcore under exploit

PHP Support Tickets version 1.3 suffers from a local file inclusion vulnerability.

PHP Support Tickets 1.3 SQL Injection

Posted by deepcore under exploit

PHP Support Tickets version 1.3 suffers from a remote SQL injection vulnerability.

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution

Posted by deepcore under exploit

This Metasploit module exploits an unauthenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is in the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side via an eval. Note that the code uses a ‘x2f’ character so that we hit the match on the […]

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Posted by deepcore under exploit

InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerabilities exist because several POST parameters in several scripts are not sanitized before being passed to the exec(), proc_open(), popen() and shell_exec() PHP functions while updating the settings on the affected device. This allows the attacker to execute arbitrary system commands as the root […]

InfraPower PPS-02-S Q213V1 Cross Site Scripting

Posted by deepcore under exploit

InfraPower PPS-02-S Q213V1 suffers from multiple stored and reflected cross-site scripting vulnerabilities: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.

InfraPower PPS-02-S Q213V1 Local File Disclosure

Posted by deepcore under exploit

InfraPower PPS-02-S Q213V1 suffers from a file disclosure vulnerability: input passed through the ‘file’ parameter to the ‘ListFile.php’ script is not properly verified before being used to read files. This can be exploited to disclose the contents of files on the local filesystem.

InfraPower PPS-02-S Q213V1 Hard-Coded Credentials Remote Root

Posted by deepcore under exploit

InfraPower PPS-02-S Q213V1 suffers from use of hard-coded credentials. The IP dongle firmware ships with hard-coded accounts that can be used to gain full system access (root) via the telnet daemon on port 23.

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference

Posted by deepcore under exploit

InfraPower PPS-02-S Q213V1 suffers from an insecure direct object reference authorization bypass vulnerability.