25 matches found
EUVD-2008-4033
Malware in sbrugna...
EUVD-2008-4034
Malware in sbrugna...
Friendly Technologies TR-069 ACS 2.8.9 Login SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38634/info Friendly Technologies TR-069 ACS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection
source: https://www.securityfocus.com/bid/38634/info Friendly Technologies TR-069 ACS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the applicatio...
Security feature bypass
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method...
Heap overflow
Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method...
CVE-2008-4050
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to 1 create and read arbitrary registry values via the RegistryValue method, and 2 read arbitrary files via the GetTextFile method...
CVE-2008-4048
CVE-2008-4048 describes a heap-based buffer overflow in an ActiveX control of the fwRemoteCfg.dll 3.3.3.1 component used by the Friendly Technologies FriendlyPPPoE Client 3.0.0.57. The overflow is triggered by a long third argument to the CreateURLShortcut method, allowing remote attackers to exe...
CVE-2008-4049
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method...
CVE-2008-4049
CVE-2008-4049 affects the Friendly Technologies FriendlyPPPoE Client (version 3.0.0.57) via the ActiveX control fwRemoteCfg.dll version 3.3.3.1. The RunApp method accepts arguments that allow remote attackers to execute arbitrary programs. This vulnerability is described across multiple sources i...
CVE-2008-4050
The CVE-2008-4050 entry concerns a flaw in the ActiveX control fwRemoteCfg.dll (version 3.3.3.1) used by Friendly Technologies’ FriendlyPPPoE Client (v3.0.0.57). The vulnerability allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method and (2) read ar...
EUVD-2008-4035
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to 1 create and read arbitrary registry values via the RegistryValue method, and 2 read arbitrary files via the GetTextFile method...
Friendly Technologies 'fwRemoteCfg.dll' ActiveX控件信息泄漏漏洞
BUGTRAQ ID: 30939 CNCAN ID:CNCAN-2008090102 Friendly Technologies是一款提供类似L2TP和PPPoE客户端的解决方案。 Friendly Technologies fwRemoteCfg.dll存在输入验证错误,远程攻击者可以利用漏洞获得敏感信息。 fwRemoteCfg.dll用于提供拨号相关功能,由于对RegistryValue, readreg, readme方法缺少充分过滤,可导致攻击者构建恶意WEB页,诱使用户访问可获得敏感信息。 Friendly Technologies fwRemoteCfg.dll...
Friendly Technologies (fwRemoteCfg.dll) ActiveX Remote BOF Exploit
No description provided by source. !-- "Friendly Technologies" provide software like L2TP and PPPoE clients to ISPs, who give the software to their customers on CD so they have less trouble setting up thire connections. They also provide remote configuration solutions .. not the best idea if you...
friendly-readwrite.txt
Friendly Technologies - Read/Write Registry // Write to Registry FT.RegistryValue 1, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Key Name Here", 1 = "Input Here"; // Read from Registry var readreg = FT.RegistryValue 1, "SOFTWARE\Friendly Technologies\FriendlyWeb Dialer", "Version", 1;...
Friendly Technologies - Read/Write Registry/Read Files
Friendly Technologies - Read/Write Registry // Write to Registry FT.RegistryValue 1, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Key Name Here", 1 = "Input Here"; // Read from Registry var readreg = FT.RegistryValue 1, "SOFTWARE\Friendly Technologies\FriendlyWeb Dialer", "Version", 1;...
Friendly Technologies Read/Write Registry/Read Files Exploit
Exploit for unknown platform in category remote exploits ============================================================ Friendly Technologies Read/Write Registry/Read Files Exploit ============================================================ Friendly Technologies - Read/Write Registry // Write to...
Friendly Technologies 'fwRemoteCfg.dll' ActiveX控件远程缓冲区溢出漏洞
BUGTRAQ ID:30891 CNCAN ID:CNCAN-2008082904 Friendly Technologies是一款提供类似L2TP和PPPoE客户端的解决方案。 Friendly Technologies fwRemoteCfg.dll存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 fwRemoteCfg.dll用于提供拨号相关功能,由于对其他参数缺少充分边界检查,构建恶意WEB页,诱使用户访问,可导致触发缓冲区溢出以应用程序权限执行任意指令。 Friendly Technologies fwRemoteCfg.dll 目前没有解决方案提供:...
friendly-fwremotecfg.txt
Friendly Technologies - wayyy too friendly... function exploit var Evil = ""; // Our Evil Buffer var DamnIE = "\x0C\x0C\x0C\x0C"; // Damn IE changes address when not in the 0x00 - 0x7F range : // Need to use heap spray rather than overwrite EIP ... // Skyland win32 bindshell 28876/tcp shellcode v...
friendly-exec.txt
lamers.RunApp "cmd" ,"cmd /k echo So Simple, So Lame -- Somebody should get fired." ,0...