FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the…
>> CATEGORY: exploit
CyberPanel version 1.8.4 suffers from a cross site request forgery vulnerability.
FaceSentry Access Control System version 6.4.8 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege…
FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross site scripting vulnerabilities. This issue is due to the application’s failure to properly sanitize user-supplied input thru the ‘msg’…
SquirrelMail version 1.4.22 suffers from a cross site scripting vulnerability.
FaceSentry Access Control System version 6.4.8 suffers from a cleartext transmission of sensitive information. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
REDDOXX Appliance versions 2032-SP2 up to hotfix 51 suffer from an information disclosure vulnerability.
FaceSentry Access Control System version 6.4.8 credentials used for accessing the web front end are stored unencrypted on the device in /faceGuard/database/FaceSentryWeb.sqlite.
This archive contains all of the 110 exploits added to Packet Storm in June, 2019.
LibreNMS version 1.46 addhost remote code execution exploit.