6.4.8

  1. 1

    Exploits FaceSentry Access Control System 6.4.8 Cleartext Password Storage

    FaceSentry Access Control System version 6.4.8 credentials used for accessing the web front end are stored unencrypted on the device in /faceGuard/database/FaceSentryWeb.sqlite.
  2. 1

    Exploits FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure

    FaceSentry Access Control System version 6.4.8 suffers from a cleartext transmission of sensitive information. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
  3. 1

    Exploits FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting

    FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross site scripting vulnerabilities. This issue is due to the application's failure to properly sanitize user-supplied input through the 'msg' parameter (GET) in pluginInstall.php script. An attacker may leverage any of the...
  4. 1

    Exploits FaceSentry Access Control System 6.4.8 Remote SSH Root Access

    FaceSentry Access Control System version 6.4.8 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege escalation is done by abusing the insecure sudoers entry file.
  5. 1

    Exploits FaceSentry Access Control System 6.4.8 Remote Root

    FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
  6. 1

    Exploits FaceSentry Access Control System 6.4.8 Cross Site Request Forgery

    The FaceSentry Access Control System version 6.4.8 application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user...
  7. 1

    Exploits FaceSentry Access Control System 6.4.8 Remote Command Injection

    FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in pingTest and...