
Explore Vulnerabilities


Explore all Exploits:

File Existence Disclosure in PackageKit < 1.1.13-2ubuntu1

The InstallFiles, GetFilesLocal and GetDetailsLocal methods of the D-Bus interface to PackageKit access the given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the system.

CSE Bookstore Authentication Bypass

CSE Bookstore is vulnerable to an authentication bypass on the admin panel. By default, the admin panel is located at /admin.php, and unauthorized users can access the administrator interface by exploiting the SQL injection vulnerability. The payload used is Name: admin and Pass: %' or '1'='1.

Nagios XI 5.7.3 – ‘mibs.php’ Remote Command Injection (Authenticated)

A remote command injection vulnerability exists in Nagios XI 5.7.3. An authenticated attacker can exploit this vulnerability to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient sanitization of user-supplied input in the 'mibs.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability could result in arbitrary code execution on the underlying operating system.

GoAhead Web Server 5.1.1 – Digest Authentication Capture Replay Nonce Reuse

A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a 'nonce' value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.

Sphider Search Engine 1.3.6 – ‘word_upper_bound’ RCE (Authenticated)

Sphider Search Engine version 1.3.6 is vulnerable to a Remote Code Execution vulnerability due to improper input validation of the 'word_upper_bound' parameter. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Client Management System 1.0 – ‘searchdata’ SQL injection

A SQL injection vulnerability exists in Client Management System 1.0 when user input is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a malicious request with a payload of '1' or 1=1# in the searchbox field. This can be done by using Burp Suite to send a POST request to the search-invoices.php page. An attacker can also use sqlmap with the -r parameter to exploit this vulnerability.

Adtec Digital Multiple Products – Default Hardcoded Credentials Remote Root

The devices use hard-coded and default credentials within their Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in with the default credentials to access the web interface or gain shell access as root.

ReQuest Serious Play F3 Media Server 7.0.3 – Remote Code Execution (Unauthenticated)

The ReQuest ARQ F3 web server suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page to upload executable PHP files, resulting in remote code execution as the web server user.

ReQuest Serious Play F3 Media Server 7.0.3 – Debug Log Disclosure

The unprotected web management server is vulnerable to sensitive information disclosure. An unauthenticated attacker can visit the message_log page and disclose the web server's Python debug log file, which contains system information, credentials, paths, processes and command arguments running on the device.

Recent Exploits: