InfraPower PPS-02-S Q213V1 suffers from an insecure direct object reference authorization bypass vulnerability.
InfraPower PPS-02-S Q213V1 suffers from the use of hard-coded credentials. The IP dongle firmware ships with hard-coded accounts that can be used to gain full system access (root) using the…
InfraPower PPS-02-S Q213V1 suffers from a file disclosure vulnerability when input passed through the ‘file’ parameter to the ‘ListFile.php’ script is not properly verified before being used to read files. This…
InfraPower PPS-02-S Q213V1 suffers from multiple stored and reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to…
InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exists due to several POST parameters in several scripts not being sanitized when using the exec(), proc_open(),…
InfraPower PPS-02-S Q213V1 suffers from a cross-site request forgery vulnerability.
InfraPower PPS-02-S Q213V1 suffers from an authentication bypass vulnerability. The device does not properly perform authentication, allowing it to be bypassed through cookie manipulation. The vulnerable function checkLogin() in ‘Function.php’…
The GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path name(s) specified on the command line. Versions 1.14 through 1.29…
Joomla versions 3.4.4 through 3.6.4 suffer from account creation and privilege escalation vulnerabilities.
Boonex Dolphin versions 7.3 and below suffer from an authentication bypass vulnerability.