20 matches found
CVE-2022-44117
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL...
Boa SQL Injection Vulnerability
Boa is open source an open source code for embedded applications. A SQL injection vulnerability exists in Boa version 0.94.14rc21. The vulnerability stems from the username parameter not being validated for external input. An attacker can exploit this vulnerability to obtain sensitive database...
CVE-2022-44117
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL...
Sql injection
Boa 0.94.14rc21 is vulnerable to SQL Injection via username...
CVE-2022-44117
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL...
Boa SQL注入漏洞
Boa is open source an open source code for embedded applications. A SQL injection vulnerability exists in Boa version 0.94.14rc21. The vulnerability stems from the username parameter not being validated for external input. An attacker can exploit this vulnerability to obtain sensitive database...
CVE-2022-44117
Boa 0.94.14rc21 is identified as vulnerable to SQL Injection via the username parameter. The claim is disputed by third parties since Boa does not ship with SQL support. The public records note the vulnerability and dispute, with no cited confirmed exploit details or patch information in the prov...
Rifatron Intelligent Digital Security System - animate.cgi Stream Disclosure Vulnerability
Exploit for cgi platform in category web applications !/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504,...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure Vulnerability
Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more...
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
Vivotek IP Cameras - Remote Stack Overflow (PoC)
STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...
Vivotek IP Cameras - Remote Stack Overflow
Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...
Boa Webserver Arbitrary File Access Vulnerability
Boa Webserver is a web server for Unix-like computers. A security vulnerability exists in the /cgi-bin/wapopen URI in Boa Webserver version 0.94.14rc21. An attacker can inject the URI by using the FILECAMERA variable '... /...' The vulnerability can be exploited to read files with root privileges...
CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...
CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...
CVE-2009-4496
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4496
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4496
CVE-2009-4496 affects the Boa web server (Boa 0.94.14 rc21 in the Fedora/NASL/OpenVAS references) where HTTP logs are written without sanitizing non-printable characters. The provided connected document notes that this could allow remote attackers to exploit escape sequences in a request to manip...
Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection
BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection source: https://www.securityfocus.com/bid/37718/info Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to...