
Explore Vulnerabilities


Explore all Exploits:

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.

UBICOD Medivision Digital Signage 1.5.1 – Authorization Bypass

The application suffers from a privilege escalation vulnerability. A normal user can elevate his/her privileges by navigating to the /html/user page (via IDOR) and sending an HTTP GET request that sets the parameter 'ft[grp]' to the integer value '3', gaining super admin rights.

FlexWatch Authorization-Bypass Vulnerability

FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input. An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system.

SalesLogix eViewer Authorization Bypass Vulnerability

SalesLogix eViewer is a web application integrated with the SalesLogix 2000 package. eViewer will not perform authorization on administrative commands if they are requested directly in the URL. Therefore, the URL http://target/scripts/slxweb.dll/admin?command=shutdown will cause the slxweb.dll process to shut down. Although the slxweb.dll process will restart once a new query or session is issued, continually requesting the URL above will cause a denial of service.

McAfee IntruShield Security Management System Multiple Vulnerabilities

McAfee IntruShield Security Management System is susceptible to multiple vulnerabilities. The first two issues are cross-site scripting vulnerabilities in the 'intruvert/jsp/systemHealth/SystemEvent.jsp' script. These issues are due to a failure of the application to properly sanitize user-supplied data prior to utilizing it in dynamically generated HTML. The next two issues are authorization bypass vulnerabilities leading to information disclosure and the ability to acknowledge, de-acknowledge, and delete security alerts. These vulnerabilities require a valid user account in the affected application.

WP to Twitter Plugin Authorization-Bypass Vulnerability

WP to Twitter Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. WP to Twitter 2.9.3 is vulnerable; other versions may also be affected.

Polycom HDX Telnet Authorization Bypass

The telnet component of Polycom HDX video endpoint devices is vulnerable to an authorization bypass when multiple simultaneous connections are repeatedly made to the service, allowing remote network attackers to gain full access to a Polycom command prompt without authentication. Versions prior to 3.0.4 also contain OS command injection in the ping command which can be used to escape the telnet prompt and execute arbitrary commands as root.

Security Advisory AA-006: Authorization Bypass Vulnerability in Password Reset Function Sitecom Home Storage Center (0-day)

An attacker can log into the web management UI with an arbitrarily chosen password. Possibilities include but are not limited to reading and writing files stored on the device and altering the device’s configuration. This means an attacker could steal sensitive data stored on the device, leverage the device to drop and/or host malware, abuse the device to send spam through the victim’s Internet connection, and use the device as a pivot point to access locally connected systems or launch attacks directed to other systems. The function that is responsible for changing the administrator password can be called by an unauthenticated user. It uses the flawed assumption that the call is part of an admin session if a static-valued cookie is present. Note that the cookie value is checked on the client, so it can be easily circumvented by a command line tool.

Recent Exploits: