This Metasploit module demonstrates a command injection vulnerability in Ray via cpu_profile.
8df2df72517b571d9dd8bd6cfcba7d7a0e2e3adcc491da6ac95c7d5c7f943993
This Metasploit module demonstrates remote code execution in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication.
276fa27f2b7f4e3368e29c64a43eb5175c7a06d6b1f36b8ce2b8c3203b044082
DiCal-RED version 4009 provides a network server on TCP port 2101. This service does not seem to process any input, but it regularly sends data to connected clients. This includes operation messages when they are processed by the device. An unauthenticated attacker can therefore gain information about current emergency situations and possibly also emergency vehicle positions or routes.
ab5d94c2a1f0e4d8bfcda084e05a40a114001865191d658dc9600e79c80e6702
DiCal-RED version 4009 makes use of unmaintained third party components with their own vulnerabilities.
ac46a5297fc9b5ee7331f8918ab83a70fa899f2cf27a29ac3f89865c35bbf946
DiCal-RED version 4009 is vulnerable to unauthorized access to log files and other files on the device's file system due to improper authentication checks.
22505e01eb5b8d58240173b875a10f1ce90aedba603dcb8c2cab2ffb9c7b12b6
DiCal-RED version 4009 has an administrative web interface that is vulnerable to path traversal attacks in several places. The functions to download or display log files can be used to access arbitrary files on the device's file system. The upload function for new license files can be used to write files anywhere on the device's file system - possibly overwriting important system configuration files, binaries or scripts. Replacing files that are executed during system operation results in a full compromise of the whole device.
7c7db8db22b8d44815d0c4d1894bb2b5c72cd299da13c7d7e62d1b7f68ee685e
DiCal-RED version 4009 provides an administrative web interface that requests the administrative system password before it can be used. Instead of submitting the user-supplied password, its MD5 hash is calculated on the client side and submitted. An attacker who knows the hash of the correct password but not the password itself can simply replace the value of the password URL parameter with the correct hash and subsequently gain full access to the administrative web interface.
be90b2b3ba74aa9d5ebd8ad42a421183d9736ccd9ae6ba44a68eee851329062e
DiCal-RED version 4009 has a password that is stored in the file /etc/deviceconfig as a plain MD5 hash, i.e. without any salt or computational cost function.
4631bb7b250de8fee1eca2b359b877101e979ef0df7cbe8484627af4fcf3047e
DiCal-RED version 4009 provides an FTP service on TCP port 21. This service allows anonymous access, i.e. logging in as the user "anonymous" with an arbitrary password. Anonymous users get read access to the whole file system of the device, including files that contain sensitive configuration information, such as /etc/deviceconfig. The respective process on the system runs as the system user "ftp". Therefore, a few files with restrictive permissions are not accessible via FTP.
52bc52be64d4c2afda673bb45ef55a60f84844e255049be801b31a39b418fdfc
DiCal-RED version 4009 provides a Telnet service on TCP port 23. This service grants access to an interactive shell as the system's root user and does not require authentication.
a6385e494be7b4b70dba302642602595baa5c71833106dcef5c061db726846b5
OX App Suite frontend version 7.10.6-rev42 suffers from cross site scripting vulnerabilities. OX App Suite backend versions 7.10.6-rev61 and 8.22 suffer from a denial of service vulnerability.
6e2623da412af99e461937edfe417e674fe26af8c59f680b4bb1489413794ba8
OX App Suite frontend version 7.10.6-rev44 suffers from a cross site scripting vulnerability.
1360b972ed80fc23c7c8b3b040403a512a3915dd0f5a8e6e9c5792c83a0e4c39
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.
9a945f44f885a1bb20d7bedc6e5a650484a28c881b547218ca5fdea560d9a2f3
Ubuntu Security Notice 6980-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.
08057937c697df9e4ae1ea540f09cc14cb2024a0420d71bc2d5deaac6fa7cfe8
Ubuntu Security Notice 6978-1 - It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files. Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream.
1afbcb0e189834043502262cef1e4fea8c4cb080deab88eb59b5f09c1040106a
PlantUML version 1.2024.6 suffers from a cross site scripting vulnerability.
28cd588466b21f30b2a0db0072c4c78aa0532c61f088d9cdb521bb89e9c81e26
Crime Complaints Reporting Management System version 1.0 suffers from a remote shell upload vulnerability.
fc348a37c6564d0229e29d8f398a77b43a6d58259762e3d0f95b78bc3b0f745d
Courier Management System version 1.0 suffers from a cross site request forgery vulnerability.
1337ec69e9d47fa0f4de53f21ec712c664700813dc53c6cc49f8a2320c9686f0
Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a3ae790e1f332d8ff787915e2feb853d7c3e614aeaea67361861ea7d18bb27df
CMSsite version 1.0 suffers from a remote shell upload vulnerability.
4e7a73c338e73423694e24acac9a56a1f1c42ad50f43ef66a924e0f30580b16c
Red Hat Security Advisory 2024-5446-03 - Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.
09d6f66d3dc29d64808a60b7427ad8e21756b50a5b13261e7c980bf9fe8c8864
CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.
dc50ee27904a926af74bf8f7250aab4eeedc989557ba1792b18fa14c73568744
Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
25d183ad1ab808d8eb37c605403875c32f55a1eb9742ca2f0a1e77e0b7ce0951
CCMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
de9151d5ff302677fb5da77053693b392b8644cb6845abb56a920fd62a7f579c
Biobook Social Networking Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fa0e4caf860abda8bbabc5103e38c78e393907f876e4a4b9d5dd3cb7513396cf