FLIP Systems thermal cameras have an issues where Input passed through several parameters is not properly verified before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files from local resources.
d34a3f62ad7186d8f7f078fd8eb7e91db95aa1f3f1268a975bd96226e024248fFLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.
467a838bbb50091c18ff3f7378b6872b6baa6ae7cf973e758610e0c2230ab17aFLIR FC-S/PT series suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.
72dca7a2b36694be2eb020a1a8df5c0c7188a5b47584564c2c6a6f0a692581b1This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.
99930294bef23f9b9d84c06aa2386d0ad63e5b162e9d0bb0cd32b041027c9f56BlueBorne BlueTooth buffer overflow proof of concept exploit that causes a denial of service vulnerability on Linux kernels prior to 4.13.1.
974f187dadca11aa8a6672fa308652e8c4e301f2e239dcd9ebe671ec208a6e34Kaltura versions 13.1.0 and below suffer from code execution and cross site scripting vulnerabilities.
f13d7e1066f62d0ca0b0da505366a1d539c7943e2d61a9efc629ec92d9a34e9fThis Metasploit module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.
e5643fffa4297f5d5b48f257e93c3396e073c9df8c778d9d0abdbed89abcab11PHP Auction Ecommerce Script version 1.6 suffers from a remote SQL injection vulnerability.
e11d8ca751f12ac904f6ae849f6b00120b49672fedb040237069b33d271e6638Cash Back Comparison Script version 1.0 suffers from a remote SQL injection vulnerability.
bf0129d1568c533f775662e94d71b60428120c4f89f7a7f646d79d5008c48602Secure E-Commerce Script version 1.02 suffers from a remote SQL injection vulnerability.
6ecc8f905e6696e16dc6fc46ccfddf32a1e6d43f347350788a2966842018b964Claydip Airbnb Clone version 1.0 suffers from an arbitrary file upload vulnerability.
d394625cf6d56283ba1e531eb76ad82163659e54c6b79be35985e65e1c838577Lending and Borrowing suffers from a remote SQL injection vulnerability.
a5f2aae02d2fa6420f4bf2e171e91c57bc8d1a3ca3e87c483fefbf51a27aea54Multi Level Marketing suffers from a remote SQL injection vulnerability.
227e8fbe62124c42fae50d8152fbcb9c2d4464daad8b6a50d9af4854d13e399eMicrosoft Edge Chakra JavascriptFunction::ReparseAsmJsModule suffers from a parsing issue.
04786d716e5bbc515fcb82e70cc835c336e1f9a711c6bd4916ec298d728b059cMicrosoft Edge Chakra Parser::ParseCatch fail to handle eval properly.
ab4355edeff5bc32a4c78094cc0d6544b969b096f7f75973839307d64d3834c7Microsoft Edge Chakra makes wrong scopes in deferred parsing.
46c5852cffb12bf17caf6302d304337fc43055946fa9a608bd1dce0284336d11Microsoft Edge Charka incorrectly parses object patterns.
861d591b479ea3ed6c0ad8fd09bf8f8400adee9fdab27742f1cf3812afe1c4dcphpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability.
341b845511d328e01e97ed403a18ff1aabc3cd35bc0e0eea9412ac77ac089f2fWordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability.
5d6d5bc59c4b6c46cabe5218a99c3da34389ba51b7860a91a33705fcbb5eda0bThis Metasploit module exploits an SEH buffer overflow in Disk Pulse Enterprise version 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.
876a9a5d808b0659fa59d564a70173b778f43b52723877c001da3267e7263ec7Mongoose Embedded Web Server Library versions 6.8 and below suffer from a stack-based buffer overflow vulnerability.
4fb80ad189731d24ec26827f09996fc6817ecce4f5d42ff3a887ceacbec10d9bPixie Image Editor versions 1.4 and 1.7 suffer from a server-side request forgery vulnerability.
4810929f8c991ac10100bb073270d0ab4cae3ded5c49e3be1cd7403684da5f73WordPress 2kb Amazon Affiliates Store plugin versions 2.1.0 and below suffer from a cross site scripting vulnerability.
3ae51e465aa8a2ee5523c26071aa889af6b47942e855e9e601be39a1530278eeSUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability.
0f89be3598b185b26e1d2346f6a7fe4fee3bd2aa160be8583d7a7b5cb67d1258DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.
ad7221803cc82d07c5c7cb36a0c7fa5ab1c1470b7d79822c80ae2cf2222c91ef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed