Found an authenticated SQL injection, exploitable when authenticated as a low-privileged user, as the parameters 'or_filter' and 'filters' are not sanitized sufficiently. Although several sanitization and blacklist attempts are used in the code for other parameters, these parameters aren't checked. This allows, for example, retrieval of the admin reset token and a reset of the admin account using a new password, as shown in the PoC.
CASAP Automated Enrollment System 1.0 is vulnerable to authentication bypass. An attacker can exploit this vulnerability by setting a cookie and sending a POST request with a username of 'or 1 or' and a blank password. If successful, the attacker will be able to access the dashboard without authentication.
Library System 1.0 is vulnerable to authentication bypass via SQL injection. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the application. This will allow the attacker to bypass the authentication and gain access to the student area.
A vulnerability in Oracle WebLogic Server could allow an authenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability is due to improper validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by sending a crafted request to the targeted system. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of the WebLogic server.
Selea suffers from an authenticated command injection vulnerability. An attacker can send a maliciously crafted HTTP request to the vulnerable device in order to execute arbitrary code.
The ANPR camera suffers from an unauthenticated and unauthorized live stream disclosure when p1.mjpg or p1.264 is requested.
An attacker can exploit this vulnerability by tricking a logged-in user into clicking a malicious link. This malicious link will add an admin user to the application.
An unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the Selea ANPR camera within several functionalities. The application parses user supplied URLs and makes requests to them without any validation. This allows an attacker to make requests to internal services, such as the camera's web server, and possibly gain access to sensitive information.
The ANPR camera suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' parameter in the 'get_file.cgi' script is not properly sanitized before being used to read files. This can be exploited to read arbitrary files from the underlying file system with the privileges of the web server process.
There is a hard-coded password for a hidden and undocumented /dev.html page that lets the vendor enable configuration upload / overwrite through the web interface.