Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to directory traversal, allowing access to local files.
An attacker can bypass authentication by using a SQL injection attack. The attacker can send a specially crafted HTTP request with a username of 'admin'# and any password to the process.php page, which will allow them to bypass authentication and gain access to the application.
This exploit is used to gain access to a Raspberry Pi OS <= 5.10 device using the default credentials (username: pi, password: raspberry). The exploit is written in Python and uses the Paramiko library to connect to the device and execute the 'id' command.
MTPutty is affected by a password disclosure vulnerability. By running the command “Get-WmiObject Win32_Process | select name, commandline | findstr putty.exe” in PowerShell, an attacker can view the hidden password.
LimeSurvey is vulnerable to Remote Code Execution (RCE) when an authenticated user sends a maliciously crafted request to the application. An attacker can exploit this vulnerability to execute arbitrary code on the server.
RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers who are able to access the web-based management application full administrative access to the device. Two backdoor passwords were found in the firmware of the COMpact 5500R PBX. One backdoor password is for the secret user 'Schandelah', the other can be used for the highest-privileged user 'Admin'. No way was discovered to change these passwords.
Attackers with low-privileged user accounts, for example those that are used by VoIP phones, can log into the web-based management interface of the COMpact 5500R PBX. Afterwards, the user accounts can be listed and details shown for each user account. Adding the URL parameter "passwd=1" then also includes the clear text password for each user account in the response. This allows attackers to gain access to administrative user accounts without knowing the passwords.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface of the Auerswald COMfortel 1400 and 2600 IP desktop phones. The vulnerability allows accessing configuration data and settings in the web-based management interface without authentication.
The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error when processing directory traversal sequences in the 'link' parameter in the 'dzsap_download' action. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.