2042 matches found
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board...
CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
Arbitrary File Overwrite
Apache tika-app is vulnerable to arbitrary file overwrite. An input file that has an embedded file containing an absolute path such as C:/evil.dll will cause the application to overwrite the file when the extract directory option (--extract-dir=) is not specified on the command line...
UBUNTU-CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
DEBIAN-CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the command line (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file...
Siemens Tecnomatix FactoryLink Vulnerabilities (Update A)
Overview: This ICS-CERT Advisory is a follow-up to ICS-ALERT-11-080-01. An independent researcher has identified six vulnerabilities in the Siemens Tecnomatix FactoryLink supervisory control and data acquisition (SCADA) product. The researcher has also publicly released exploit code. The researcher...
CVE-2018-14429
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI...
CVE-2018-14429
CVE-2018-14429 affects man-cgi before 1.16. Summary: Local File Inclusion via absolute path traversal using a crafted cgi-bin/man-cgi? URL (example: /cgi-bin/man-cgi?/etc/passwd). Root cause: the script’s handling of the parameter leads to reading local files by calling the man command. Impact: i...
man-cgi Local File Inclusion Vulnerability
Exploit for Linux platform in category remote exploits. man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an attacker provides a filename as a parameter, e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd, the script will read and return the local file. This is...
D-Link DAP-1360 File Path Traversal and Cross-Site Scripting Vulnerability
The D-Link DAP-1360 is a wireless router. A file path traversal and cross-site scripting vulnerability exists in the D-Link DAP-1360, which allows remote attackers to read passwords via incorrect parameters, leading to an absolute path traversal attack...
D-link DAP-1360 - Path Traversal / Cross-Site Scripting
Exploit Title: D-Link DAP-1360 File path traversal and Cross-site scripting (reflected) can lead to Authentication Bypass easily. Date: 20-07-2018 Exploit Author: r3m0t3nu11 Contact: http://twitter.com/r3m0t3nu11 Vendor: www.dlink.com Version: Hardware version: F1 Firmware version: 6.O5 Tested...
Explzh vulnerable to directory traversal
Overview: Explzh is a file compression/extraction software supporting multiple file formats. Explzh contains a directory traversal vulnerability (CWE-22). Explzh is not vulnerable to relative path traversal but to absolute path traversal. Therefore, an attacker may create new files or overwrite...
Eclipse Jetty Server Information Disclosure Vulnerability
Eclipse Jetty Server is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. An information disclosure vulnerability exists in Eclipse Jetty Server version 9.x that stems from an error response with an InvalidPathException message containing sensitive...