>> ARCHIVE: 2018-10

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec…

Academic Timetable Final Build versions 7.0a and 7.0b suffer from a remote SQL injection vulnerability.

Academic Timetable Final Build version 7.0b suffers from a cross site request forgery vulnerability.

College Notes Management System version 1.0 suffers from a remote SQL injection vulnerability.

MaxOn ERP Software versions 8.x and 9.x suffer from a remote SQL injection vulnerability.

Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.

Advanced HRM version 1.6 suffers from a remote code execution vulnerability.

The FLIR AX8 thermal sensor camera version 1.32.16 suffers an unauthenticated and unauthorized live RTSP video stream access.

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the ‘file’ parameter in download.php is not properly verified before being…

FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be…