zixian

4 exploits. Active since Aug 2014.
CVE-2018-9092 EXPLOITDB HIGH html WORKING POC
MiniCMS 1.10 - Cross-Site Request Forgery in Admin Configuration
MiniCMS 1.10 has a CSRF vulnerability in mc-admin/conf.php that can be used to change the administrator account password.
CVSS 8.8
CVE-2014-7281 EXPLOITDB html WORKING POC
Tenda A32 Firmware 5.07.53_CN - Cross-Site Request Forgery via SysToolReboot
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
CVE-2014-5246 EXPLOITDB text WORKING POC
Tenda A5s Firmware 3.02.05_CN - Unauthenticated Authentication Bypass via admin:language Cookie
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
CVE-2014-7279 EXPLOITDB CRITICAL text WRITEUP
Konke Smart Plug K - Info Disclosure
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
CVSS 9.8