65 matches found
CVE-2014-8384
The CVE-2014-8384 entry concerns the InFocus IN3128HD projector (firmware 0.26). The issue is missing authentication for the CGI file webctrl.cgi.elf in cgi-bin, allowing an unauthenticated remote attacker to modify DHCP/server IP configurations, reboot the device, and change the device hostname,...
CVE-2014-8383
The CVE-2014-8383 entry concerns the InFocus IN3128HD projector with firmware 0.26. Public sources describe an authentication bypass in the web interface (by accessing /main.html after login) and missing authentication for the CGI file /cgi-bin/webctrl.cgi.elf, enabling unauthenticated access to ...
[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...
InFocus projectors authentication bypass
Few authentication bypass possibilities...
Authentication Vulnerabilities Identified in Projector Firmware
The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks. It’s technically the firmware for the projector, InFocus IN3128HD, version 0.26, that’s vulnerable. The web interface...
InFocus IN3128HD Projector Missing Authentication
Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted:...
InFocus IN3128HD Projector Missing Authentication Vulnerability
The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable. 1. Adviso...
InFocus - Arbitrary File Download
The infocus WordPress theme was affected by an Arbitrary File Download security vulnerability...
Infocus Real Estate Enterprise Edition Script Authentication Bypass
No description provided by source...
Wordpress Theme Infocus /dl-skin.php 任意文件下载漏洞
No description provided by source...
Wordpress Theme Infocus Arbitrary File Download Vulnerability
This exploit allows attacker to download any writable file from the server Usage Info The exploit extension is .html Put the path of the file in the file's field of the exploit ,then click "Download" button then you get the file directly Title : Wordpress Theme Infocus Arbitrary File Download...
WordPress Infocus Theme - Local File Disclosure
WordPress Infocus theme is prone to a local file disclosure vulnerability that allows an attacker to get potentially sensitive information from local files on computers running the vulnerable application. Solution Upgrade the plugin...
WordPress Theme Infocus - infocuslibscriptsdl-skin.php Local File Disclosure
WordPress Theme Infocus - infocuslibscriptsdl-skin.php Local File Disclosure source: https://www.securityfocus.com/bid/67934/info The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this...
WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure
source: https://www.securityfocus.com/bid/67934/info The Infocus theme for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information fro...
WordPress Infocus Local File Disclosure
Post Local File Disclosure in wordpress theme Infocus + Date: 07/06/2014 + CWE Number: CWE-98 + Risk: High + Author: Felipe Andrian Peixoto + Dork:inurl:"/wp-content/themes/infocus/" + Vendor Homepage: http://themeforest.net/item/infocus-powerful-professional-wordpress-theme/85486 + Contact:...
WordPress Infocus Theme Cross Site Scripting
Infocus Theme DOM Based XSS Details ======= Product: Infocus Theme DOM Based XSS Security-Risk: Moderate Remote-Exploit: yes Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Vendor-URL: http://themeforest.net/item/infocus-powerful-professional-wordpress-theme/85486...
Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Infocus Web Solutions newsdesc.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.infocuswebdesigning.com/ Persian Gulf 4 Ever! Dork : "Powered by Infocus Web Solutio...
Infocus Web Solutions SQL Injection
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Infocus Web Solutions newsdesc.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.infocuswebdesigning.com/ Persian Gulf 4 Ever! Dork : "Powered by Infocus Web Solutio...
CVE-2010-1654
Multiple SQL injection vulnerabilities in systemmemberlogin.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the 1 username aka login and 2 password parameters. NOTE: some of these details are obtained from third party information...
CVE-2010-1654
Multiple SQL injection vulnerabilities in systemmemberlogin.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the 1 username aka login and 2 password parameters. NOTE: some of these details are obtained from third party information...