This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This Metasploit module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful. This Metasploit module has been tested successfully on Solaris 11.1 (x86) and Solaris 11.3 (x86).
1e59da07b25c5d7ed7f7081baca4d6ef68b592b7e64e01af24769ec5d101e1a3
The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated and unauthorized live RTSP video stream access.
b7848eb5ba5b066385cfc47136ee23b2674b338816a3adc651d59703e3b561fc
The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure when calling the ExportConfig REST API (getConfigExportFile.cgi). This enables an attacker to disclose sensitive information that can help with authentication bypass, privilege escalation and/or full system access.
28f859be185735a935a473e099613589b8afccb4843208fedf69d3181dd9add9
FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within their Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. An attacker could exploit this vulnerability by logging in to the web panel using the default credentials or by gaining shell access.
0de614831d3b207ecfaf1e3fe077655b58680dacd90d072ca20b3ad2ade27b23
Ubuntu Security Notice 3790-1 - It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.
cecd819e00cb7f029c329aa4d01dc453ff04877404e627e6205f426776f09860
The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files via an absolute path.
4910689d53033b4139e7b3d0f8b92bc214a9cc6782213c8e4ee94d74eae57221
The FLIR AX8 thermal sensor camera version 1.32.16 suffers from unauthenticated and unauthorized live RTSP video stream access.
ae1464855d3b12a1fe0dc5269d50e29d905cd74a8815b4317e3f235a057d14ce
Advanced HRM version 1.6 suffers from a remote code execution vulnerability.
c6434dd2487f17a65692c3993b984a8cdb1a398f8e971d4f5d2776e4ae15f4fc
CentOS Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.
da7448095beee0a9404501410a6c17d3b84e462f6e9fd8661ca126562704b03a
MaxOn ERP Software versions 8.x and 9.x suffer from a remote SQL injection vulnerability.
9a8c4b83c79fd18143d33ed59bfa6e2e0be39821a5c7deeea54eb7f75b0cb782
College Notes Management System version 1.0 suffers from a remote SQL injection vulnerability.
62959e3f455f67dc5272a6746356ec06d0273eb1f626cf4acf5ca9f4acc043b3
Academic Timetable Final Build version 7.0b suffers from a cross site request forgery vulnerability.
34b8f61b4e7dfe96554d1e8d6e164367cab8d23209530cdb120b6cfe8cce1d58
Academic Timetable Final Build versions 7.0a and 7.0b suffer from a remote SQL injection vulnerability.
82ef13a37a149c5961e80a26afb9a85e750a6e10accb788ad6036d531ef58d4a
The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered via multiple unsanitized HTTP GET/POST parameters that are used within the shell_exec function in the res.php and palette.php files. This can be exploited to inject arbitrary system commands and gain root remote code execution.
99f659cdf3c32886f1df88cb3b5df0af997dddb9fedfd50e3d11a4fe93ff269c
Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.
f56f6e290aa802089d31f8990302cc11931c689380900d290b6f5d35582d007b