FLIP Systems thermal cameras have an issues where Input passed through several parameters is not properly verified before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files from local resources.
d34a3f62ad7186d8f7f078fd8eb7e91db95aa1f3f1268a975bd96226e024248f
FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exist due to several POST parameters in controllerFlirSystem.php script when calling the execFlirSystem() function not being sanitized when using the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.
467a838bbb50091c18ff3f7378b6872b6baa6ae7cf973e758610e0c2230ab17a
FLIR FC-S/PT series suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.
72dca7a2b36694be2eb020a1a8df5c0c7188a5b47584564c2c6a6f0a692581b1
This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.
99930294bef23f9b9d84c06aa2386d0ad63e5b162e9d0bb0cd32b041027c9f56
BlueBorne BlueTooth buffer overflow proof of concept exploit that causes a denial of service vulnerability on Linux kernels prior to 4.13.1.
974f187dadca11aa8a6672fa308652e8c4e301f2e239dcd9ebe671ec208a6e34
Kaltura versions 13.1.0 and below suffer from code execution and cross site scripting vulnerabilities.
f13d7e1066f62d0ca0b0da505366a1d539c7943e2d61a9efc629ec92d9a34e9f
This Metasploit module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.
e5643fffa4297f5d5b48f257e93c3396e073c9df8c778d9d0abdbed89abcab11
PHP Auction Ecommerce Script version 1.6 suffers from a remote SQL injection vulnerability.
e11d8ca751f12ac904f6ae849f6b00120b49672fedb040237069b33d271e6638
Cash Back Comparison Script version 1.0 suffers from a remote SQL injection vulnerability.
bf0129d1568c533f775662e94d71b60428120c4f89f7a7f646d79d5008c48602
Secure E-Commerce Script version 1.02 suffers from a remote SQL injection vulnerability.
6ecc8f905e6696e16dc6fc46ccfddf32a1e6d43f347350788a2966842018b964
Claydip Airbnb Clone version 1.0 suffers from an arbitrary file upload vulnerability.
d394625cf6d56283ba1e531eb76ad82163659e54c6b79be35985e65e1c838577
Lending and Borrowing suffers from a remote SQL injection vulnerability.
a5f2aae02d2fa6420f4bf2e171e91c57bc8d1a3ca3e87c483fefbf51a27aea54
Multi Level Marketing suffers from a remote SQL injection vulnerability.
227e8fbe62124c42fae50d8152fbcb9c2d4464daad8b6a50d9af4854d13e399e
Microsoft Edge Chakra JavascriptFunction::ReparseAsmJsModule suffers from a parsing issue.
04786d716e5bbc515fcb82e70cc835c336e1f9a711c6bd4916ec298d728b059c
Microsoft Edge Chakra Parser::ParseCatch fail to handle eval properly.
ab4355edeff5bc32a4c78094cc0d6544b969b096f7f75973839307d64d3834c7
Microsoft Edge Chakra makes wrong scopes in deferred parsing.
46c5852cffb12bf17caf6302d304337fc43055946fa9a608bd1dce0284336d11
Microsoft Edge Charka incorrectly parses object patterns.
861d591b479ea3ed6c0ad8fd09bf8f8400adee9fdab27742f1cf3812afe1c4dc
phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability.
341b845511d328e01e97ed403a18ff1aabc3cd35bc0e0eea9412ac77ac089f2f
WordPress Responsive Image Gallery plugin version 1.1.8 suffers from a remote SQL injection vulnerability.
5d6d5bc59c4b6c46cabe5218a99c3da34389ba51b7860a91a33705fcbb5eda0b
This Metasploit module exploits an SEH buffer overflow in Disk Pulse Enterprise version 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.
876a9a5d808b0659fa59d564a70173b778f43b52723877c001da3267e7263ec7
Mongoose Embedded Web Server Library versions 6.8 and below suffer from a stack-based buffer overflow vulnerability.
4fb80ad189731d24ec26827f09996fc6817ecce4f5d42ff3a887ceacbec10d9b
Pixie Image Editor versions 1.4 and 1.7 suffer from a server-side request forgery vulnerability.
4810929f8c991ac10100bb073270d0ab4cae3ded5c49e3be1cd7403684da5f73
WordPress 2kb Amazon Affiliates Store plugin versions 2.1.0 and below suffer from a cross site scripting vulnerability.
3ae51e465aa8a2ee5523c26071aa889af6b47942e855e9e601be39a1530278ee
SUSE/Portus version 2.2 suffers from a persistent cross site scripting vulnerability.
0f89be3598b185b26e1d2346f6a7fe4fee3bd2aa160be8583d7a7b5cb67d1258
DlxSpot Player4 LED video wall has a hardcoded password that allows you to ssh in and escalate to root.
ad7221803cc82d07c5c7cb36a0c7fa5ab1c1470b7d79822c80ae2cf2222c91ef