#linux

This vulnerability allows a local authenticated user to create a file in the /tmp directory that contains malicious commands. The file must have the filename ending with .traceroute.pid, and the commands in the file can only be executed once by an external unauthenticated attacker. By calling the vulnerable script and making a single HTTP POST request, the attacker can gain command execution on the system. After the request is made, the file containing the malicious commands will be deleted.

The application suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'username' HTTP POST parameter through index.php and login.php script.

The application suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'password' HTTP POST parameter through index.php and login.php script.

An authenticated command injection vulnerability exists in the www-data-handler.php script at line 20, where the 'services' HTTP POST parameter is passed as an argument to the system command "/usr/local/bin/www-data-handler.sh --restartsrv". This allows an attacker to inject arbitrary system commands into the 'services' parameter, which are then executed by the script with the privileges of the 'www-data' user.

The application suffers from an unauthenticated file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

This vulnerability allows a local authenticated user to create a file in the /tmp directory that contains malicious commands. The file must have the filename ending with .ping.pid, and the commands in the file can only be executed once by an external unauthenticated attacker. By calling the vulnerable script and making a single HTTP POST request, the attacker can gain command execution on the system. After the request is made, the file containing the malicious commands will be deleted.

The application suffers from an unauthenticated live stream disclosure when webplay or ffmpeg scripts are called.

This vulnerability allows a local authenticated user to create a file in the /tmp directory that contains malicious commands. The file must have the filename ending with .dns.pid, and the commands in the file can only be executed once by an external unauthenticated attacker. By calling the vulnerable script and making a single HTTP POST request, the attacker can gain command execution on the system. After the request is made, the file containing the malicious commands will be deleted.

The application is vulnerable to sensitive directory indexing / information disclosure vulnerability. An unauthenticated attacker can visit the log directory and disclose the server's log files containing sensitive and system information.

The application suffers from an unauthenticated stored XSS vulnerability that results in stored JS code and authentication bypass. The issue is triggered when input passed to the 'username' parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.