Saxon is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This exploit leverages the vulnerabilities enumerated in these CVEs: [ CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736 ]. More details here: http://blog.redactedsec.net/exploits/2018/04/26/nagios.html. Steps are as follows: 0. Determine Version 1. Change the database user to root:nagiosxi 2. Get an API key w/ SQLi 3. Use the API Key to add an administrative user 4. Login as that administrative user 5. Do some authenticated RCE w/ privesc 6. Cleanup.
The application suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.
The distribution suffers from an arbitrary file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
The application allows a remote attacker to change the root password of the system without authentication (disabled by default) or verification of the previously assigned credential. Command execution is also possible using several POST parameters.
The application suffers from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) exploit: a remote attacker can send SVDRP protocol commands to manipulate and/or remotely control the TV.
The application is vulnerable to unauthenticated configuration download when a direct object reference is made to the backup function using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.
Because the application filters user input with preg_replace, attackers are able to bypass the restriction by using HTML to Unicode encoding. The application therefore lets an attacker perform DOM-based XSS.
Neon Responders is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed network packets. This issue allows remote attackers to crash the affected application, denying further service to legitimate users.