Dbltek GoIP-1 is a VoIP-GSM gateway device, which allows making calls and sending SMS messages using SIP. The device has a webserver that contains two pre-auth Local File Inclusion vulnerabilities. Using these, it is possible to download the device configuration file containing all device credentials (including admin panel credentials and SIP credentials) if the configuration file has been backed up.
The software ships with overly permissive sudo privileges for any user in the admin group, or the default admin user. This vulnerability exists in all legacy versions of the software - the last version being from ~2014. This vulnerability does not exist in the newer distributions of the ACS Software.
It is possible to induce an application to interact with an arbitrary external service. The ability to send requests to other systems can allow the vulnerable server to leak the real IP of the webserver or increase the attack surface (it may also be used to leak the real IP behind a CDN). An example of the HTTP request is given in the text.
By accessing the following payload (URL), an attacker could iframe any external website (of course, only external endpoints that allow being iframed). The vulnerable vector is "https://example.com/lab.html?vpath=//wikipedia.com", where "vpath=//" is the pointer to the external site to be iframed.
An authenticated user can execute arbitrary code on the vulnerable system by uploading a crafted image file with a .php7 extension. The crafted image file contains PHP code which is executed when the file is accessed.
Authenticate and get the update client settings; the id parameter will appear. Put your payload there and it will work.
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
The vulnerability exists due to an unquoted service path in the HPFSService service. A local attacker can exploit this vulnerability to gain elevated privileges on the affected system.
The Intel(R) Management Engine Components 6.0.0.1189 contains a vulnerability in the 'LMS' service, which allows an attacker to gain elevated privileges by exploiting an unquoted service path.