The Iris ID IrisAccess iCAM4000/7000 series suffer from the use of hard-coded credentials. When the device interface is visited with a browser on port 80, the application loads an applet JAR file ‘ICAMClient.jar’ into the user’s browser, which provides additional admin features. In the JAR file there is an account ‘rou’ with password ‘iris4000’ that has read […]
Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.
http://www.bkkp.go.th/snt/web1/file_editor/_input_3_.txt notified by DeadsOul
Tags: defacement
Autobahn|Python incorrectly checks the Origin header when the ‘allowedOrigins’ value is set. This can allow third parties to execute legitimate WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser’s context. This is addressed in version 0.15.0.
The Joomla Weblinks component suffers from a remote shell upload vulnerability.
Joomla Huge IT Gallery component version 1.1.5 suffers from cross-site scripting and remote SQL injection vulnerabilities.
Neoscreen version 4.5 suffers from an authentication bypass vulnerability.