FLIR utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera.
75e0671d0c3d8cb4c2eea54cc9f20428149297685efb1fdfa262ad4af9e2edf9
FLIR suffers from an unauthenticated and unauthorized live stream disclosure.
234db5e006c3b2bd0b1c91a7661fea2d0c8182eb089812961158121737f86d7d
FLIR Systems thermal cameras have an issue where input passed through several parameters is not properly verified before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files from local resources.
d34a3f62ad7186d8f7f078fd8eb7e91db95aa1f3f1268a975bd96226e024248f
FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerabilities exist because several POST parameters in the controllerFlirSystem.php script are not sanitized when the execFlirSystem() function is called and the PHP shell_exec() function is used while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.
467a838bbb50091c18ff3f7378b6872b6baa6ae7cf973e758610e0c2230ab17a
Gentoo Linux Security Advisory 201709-25 - Multiple vulnerabilities have been found in Chromium, the worst of which could result in the execution of arbitrary code. Versions less than 61.0.3163.100 are affected.
53805f9167f0c643f42e6afeb6fb2c162ec0afd65af2eb44aab53857b00d9850
Gentoo Linux Security Advisory 201709-24 - Multiple vulnerabilities have been found in RAR and UnRAR, the worst of which may allow attackers to execute arbitrary code. Versions less than 5.5.0_p20170811 are affected.
838c44591a418642b96ecdd7a7d93fbc404538ebd0b5118d3d43df16535dc7bf
Ubuntu Security Notice 3429-1 - Wang Junjie discovered that Libplist incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a crash or denial of service.
e978097067972b300931520c84fb8a640606b0f7cc6c7744c52e61cf5f0fea8d
FLIR FC-S/PT series suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.
72dca7a2b36694be2eb020a1a8df5c0c7188a5b47584564c2c6a6f0a692581b1
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
718472a548504969e31c447b71c031d142e26216ff2cce4eda0eba494be03dcf
This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.
99930294bef23f9b9d84c06aa2386d0ad63e5b162e9d0bb0cd32b041027c9f56
Gentoo Linux Security Advisory 201709-23 - Multiple vulnerabilities have been found in Tcpdump, the worst of which may allow execution of arbitrary code. Versions less than 4.9.2 are affected.
715558f6adb4faa8fec7d45efdb67a8b78c48d5649546e1643df6920765b7bbc
Red Hat Security Advisory 2017-2792-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 61.0.3163.100. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
1919d3e29966912af824db60c14cc0bb9de0ad18873d80f32ef317ade8ca8e41
Gentoo Linux Security Advisory 201709-22 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, and IcedTea, the worst of which may allow execution of arbitrary code. Versions less than 1.8.0.141 are affected.
277201977343e8ff9db604c8d0aa89235047a6c676dc1d8fc08485df7f6b2ebb
Gentoo Linux Security Advisory 201709-21 - Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary code. Versions less than 5.6.31:5.6 are affected.
d141275b179501f4e8a5e6b7a0eafc716393e9b83ec4859f38d82d4b37729b7c
Gentoo Linux Security Advisory 201709-20 - A vulnerability in Postfix may allow local users to gain root privileges. Versions less than 3.1.6 are affected.
b600c1a5f95a2227e066f6351a63b9daa56e68a6202706f7df5318020198cbc7
Gentoo Linux Security Advisory 201709-19 - A vulnerability in Exim may allow local users to gain root privileges. Versions less than 4.89-r1 are affected.
e4e8753acd88314f65a96fcfa803a6925a200130dc25cc90535c49d136149011
Gentoo Linux Security Advisory 201709-18 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 4.3 are affected.
89aefc9a366cff54114ccf79e3fe3ca7be36701152914d2c0e752658790e251b
Gentoo Linux Security Advisory 201709-17 - A command injection vulnerability in CVS may allow remote attackers to execute arbitrary code. Versions less than 1.12.12-r12 are affected.
78f216f749a83a59358d93b2407ec3478ef2da3649ff8b7511fbd25def623d28
BlueBorne Bluetooth buffer overflow proof of concept exploit that causes a denial of service on Linux kernels prior to 4.13.1.
974f187dadca11aa8a6672fa308652e8c4e301f2e239dcd9ebe671ec208a6e34