Keysight Technologies Sensor Management Server addLicenseFile Path Traversal (CVE-2022-38129)
Binary data keysightsmscve-2022-38129.nbin...
Cisco ASA-X With FirePOWER Services Authenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA-X with FirePOWER Services Authenticated Command Injection', 'Description' = %q This module exploits an authenticated command injection...
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
This module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine...
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS Vulnerabilities
FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross-site scripting vulnerabilities. FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual camera...
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provide continuous temperature monitoring and alarming for critical electrical and mechanical equipment. Affected products: All FLIR AX8 thermal...
CVE-2022-37062
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
CVE-2022-37063
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization. An authenticated remote attacker can execute arbitrary JavaScript code in the web management interface. A successful exploit could allow the...
Design/Logic Flaw
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...
CVE-2022-37060
FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to directory traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files...
Directory traversal
FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to directory traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files...
CVE-2022-37063
The connected sources confirm CVE-2022-37063 affects Teledyne FLIR AX8 thermal sensor cameras up to version 1.46.16, due to improper input sanitization that enables authenticated remote XSS in the web management interface. Successful exploits can execute arbitrary JavaScript in the victim’s brows...
CVE-2022-37062
The CVE-2022-37062 issue affects Teledyne FLIR AX8 thermal sensor cameras versions up to and including 1.46.16, due to an insecure design from improper directory access restriction that allows an unauthenticated remote attacker to request a URI containing the path to the SQLite users database and ...
CVE-2022-37060
The CVE-2022-37060 entry relates to Teledyne FLIR AX8 thermal sensor cameras affected up to firmware version 1.46.16. A directory traversal flaw arises from improper access restrictions, allowing an unauthenticated, remote attacker to disclose files outside the restricted server path by sending c...
PT-2022-23779 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 Description: The issue is due to improper input sanitization, allowing an authenticated remote attacker to execute arbitrary JavaScript code in the web management interface...
CVE-2022-37061
CVE-2022-37061 – FLIR AX8 RCE vulnerability (up to firmware 1.46.16): The issue is an unauthenticated remote command injection via the POST parameter id to res.php, allowing an attacker to execute arbitrary shell commands as root. Public reports indicate exploitation in the wild (e.g., Metasploi...
CVE-2022-38129
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host...