The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. Multiple unsanitized HTTP GET/POST parameters are passed to the shell_exec function in res.php and palette.php. This can be exploited to inject arbitrary system commands and gain remote code execution as root.
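The bug class described above, as an added illustration and not the AX8 firmware's own res.php or palette.php code: a request parameter concatenated straight into a shell_exec() command line, next to a hardened version that allow-lists the value and escapes it. The parameter name "palette" and the helper binary /usr/bin/palette-tool are assumptions made for the example.

```php
<?php
// Added example, not the device's code. Assumed: a "palette" request parameter
// and a hypothetical helper binary /usr/bin/palette-tool.

// VULNERABLE: the attacker-controlled value reaches the shell unescaped.
// A request such as ?palette=iron;id runs "id" with the web server's privileges
// (root on the affected device, according to the advisory).
function render_palette_vulnerable(array $request): string
{
    $palette = $request['palette'] ?? 'iron';
    return (string) shell_exec('/usr/bin/palette-tool --name ' . $palette);
}

// HARDENED: reject anything outside a fixed allow-list, then escape what remains.
function render_palette_hardened(array $request): string
{
    $allowed = ['iron', 'rainbow', 'gray', 'arctic'];
    $palette = $request['palette'] ?? 'iron';
    if (!in_array($palette, $allowed, true)) {
        http_response_code(400);
        return '';
    }
    // escapeshellarg() is defence in depth here; the allow-list already
    // excludes every shell metacharacter.
    $cmd = '/usr/bin/palette-tool --name ' . escapeshellarg($palette);
    return (string) shell_exec($cmd);
}

// Usage: pass $_GET or $_POST (merged as the page's scripts do) to either function.
echo render_palette_hardened($_GET + $_POST);
```

The allow-list is the real fix; escapeshellarg() alone is enough to stop the injection only if every interpolated value is escaped, which is easy to miss across multiple parameters.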
Academic Timetable Final Build versions 7.0a and 7.0b suffer from a remote SQL injection vulnerability.
Academic Timetable Final Build version 7.0b suffers from a cross site request forgery vulnerability.
College Notes Management System version 1.0 suffers from a remote SQL injection vulnerability.
MaxOn ERP Software versions 8.x and 9.x suffer from a remote SQL injection vulnerability.
Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.
Advanced HRM version 1.6 suffers from a remote code execution vulnerability.
The FLIR AX8 thermal sensor camera version 1.32.16 allows unauthenticated and unauthorized access to its live RTSP video stream.
The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files by supplying an absolute path.
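The file disclosure pattern described above, as an added illustration and not the firmware's actual download.php: a 'file' parameter used as a path without verification, next to a version that confines the download to a single directory. The config directory /var/www/config is an assumption made for the example.

```php
<?php
// Added example, not the device's code. Assumed: config files live in
// CONFIG_DIR and the client names one via the 'file' parameter.
const CONFIG_DIR = '/var/www/config';   // hypothetical location

// VULNERABLE: ?file=/etc/shadow is opened and returned as-is.
function download_vulnerable(string $file): ?string
{
    $data = @file_get_contents($file);
    return $data === false ? null : $data;
}

// HARDENED: accept only a bare filename, canonicalise, and require the
// resolved path to remain inside CONFIG_DIR.
function download_hardened(string $file): ?string
{
    // basename() drops any directory component, so absolute paths and
    // ../ sequences collapse to a plain name.
    $name = basename($file);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    $base = realpath(CONFIG_DIR);
    $path = realpath(CONFIG_DIR . '/' . $name);
    // realpath() returns false for non-existent files; the prefix check also
    // rejects symlinks inside CONFIG_DIR that point elsewhere.
    if ($base === false || $path === false
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Usage: serve the file or return 404.
$body = download_hardened($_GET['file'] ?? '');
if ($body === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/octet-stream');
echo $body;
```

The check after realpath() matters as much as basename(): on an embedded device the directory may contain symlinks, and a prefix comparison on the canonical path is what prevents them from leaking files outside the intended tree.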
FLIR AX8 thermal sensor camera devices running version 1.32.16 ship hard-coded credentials within their Linux distribution image. These (SSH) credentials are never exposed to the end user and cannot be changed through any normal operation of the camera. An attacker could exploit this vulnerability by logging in using the default credentials for the web panel or […]