Zero Science Lab

The marKoni FM transmitters are susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the 'wget' module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the 'url' parameter in the HTTP GET request to ekafcgi.fcgi.

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to be an author feature could perform a stored XSS attack against any other users visiting the posts by the author. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to edit the landing/about page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a category-creating feature that stores data persistently could create a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to create an article could perform a stored XSS attack against any other users with the ability to create an article. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

The transmitter suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

The device allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.