The Lexmark Services Monitor version 2.27.4.0.39 is vulnerable to directory traversal and local file inclusion. An attacker can exploit this vulnerability to access files outside of the intended directory.
This app is built specifically for the P2P IP camera series. Thanks to its unique P2P connection technology, users can watch live video on an iPhone from any purchased IP camera by simply entering the camera's ID and password, with no complex IP or router settings. The app has many functions, such as local video recording and setting FTP parameters, email, motion alarms and so on.
The vulnerability allows an attacker to disclose arbitrary files on the server by manipulating the 'page' parameter in the URL. By specifying a relative path to the target file, an attacker can retrieve sensitive information such as database configuration files or system files like /etc/passwd.
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. The product sets weak access control restrictions: permissions are set to Full Control for the Everyone group. This can allow low-integrity malware to replace ScanGuard executables.
This exploit allows remote attackers to execute arbitrary code on Fastweb Fastgate 0.00.81 devices. The vulnerability is caused by improper input validation in the status.cgi file. By sending a specially crafted request, an attacker can execute arbitrary commands on the target device.
The Technicolor TD5130.2 router is vulnerable to remote command execution. This allows an attacker to execute arbitrary commands on the device by sending a crafted HTTP POST request to the /mnt_ping.cgi endpoint. The vulnerability exists in the firmware version OI_Fw_V20 and has been assigned CVE-2019-18396.
This exploit allows an attacker to execute code remotely on the Linear eMerge E3 version 1.00-06. It is achieved through an unauthenticated command injection vulnerability in the card_scan_decoder.php file. The vulnerability is tracked as CVE-2019-7256. The exploit provides an example of obtaining web front-end credentials and escalating privileges to root. The affected version is <=1.00-06.
The Wondershare Application Framework Service (WsAppService) on Windows has an unquoted service path vulnerability. This vulnerability could allow an attacker to escalate privileges and execute arbitrary code with system-level privileges.
There is a stack-based buffer overflow vulnerability in Control Center PRO 6.2.9. In the create user module, the software does not limit the amount of data copied from the username field, so a sufficiently long string overwrites the SEH.
The RTK IIS Codec Service 6.4.10041.133 has an unquoted service path vulnerability that allows an attacker to execute arbitrary code.