The device does not properly perform authentication, allowing it to be bypassed through cookie manipulation. The vulnerable function checkLogin() in 'Function.php' checks only whether the 'Login' cookie is empty, so the user security mechanisms can be bypassed easily.
Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and directly access resources and functionality in the system, for example APIs, files, upload utilities, device settings, etc.
InfraPower Manager PPS-02-S is a free built-in GUI of each IP dongle (IPD-02-S only) used to remotely monitor the connected PDUs. The patented IP dongle provides IP remote access to the PDUs by a true network IP address chain. InfraPower suffers from use of hard-coded credentials. The IP dongle firmware ships with hard-coded accounts that can be used to gain full system access (root) via the telnet daemon on port 23.
InfraPower suffers from a file disclosure vulnerability: input passed through the 'file' parameter to the 'ListFile.php' script is not properly verified before being used to read files. This can be exploited to disclose the contents of files from local resources.
InfraPower suffers from multiple stored and reflected XSS vulnerabilities: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
InfraPower suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerabilities exist because several POST parameters in several scripts are not sanitized before being passed to the exec(), proc_open(), popen() and shell_exec() PHP functions while updating the settings on the affected device. This allows an attacker to execute arbitrary system commands as the root user and bypass the access controls in place.
The FTP Server can't handle more than ~1505 connections at the same time. The exploit code creates a socket connection to the target IP and sends a USER and PASS command with a large string of 'A's as the payload. This causes the server to crash.
A memory corruption vulnerability exists in CherryTree 0.36.9 due to a null pointer dereference when trying to draw the contents of graphical bitmaps. An attacker can exploit this vulnerability by creating a malicious .ctd file and hovering over the link. This will cause a crash and could potentially lead to arbitrary code execution.
Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 are susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering the necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update.
A buffer overflow vulnerability exists in uSQLite 1.0.0 when a long string is sent to the server. Sending 259 'A' characters followed by 4 'B' characters and 360 'C' characters causes a heap-based overflow. EIP is then under control, but depending on the OS version there may be difficulty finding a jump spot without DEP and ASLR.