CVE-2019-17106

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components...

CVE-2017-17106

creationtimestamp| type| source ---|---|--- 2024-11-26 15:14:49+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113549907612268148 2025-09-12 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-09-12 2025-09-15 00:00:00+00:00| seen| The Shadowserver...

CVE-2020-17106

creationtimestamp| type| source ---|---|--- 2020-11-11 12:35:02+00:00| seen| https://t.me/cibsecurity/16147...

CVE-2020-17106

HEVC Video Extensions Remote Code Execution Vulnerability...

CVE-2020-17106 HEVC Video Extensions Remote Code Execution Vulnerability

...

CVE-2020-17106

CVE-2020-17106 affects HEVC Video Extensions (Microsoft). The PT-2020-4821 entry describes a remote code execution caused by incorrect code generation management in the HEVC Video Extension codec. Public exploits exist. The PT page does not specify affected versions or a fix. Public advisories an...

CVE-2019-17106

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components...

CVE-2019-17106

CVE-2019-17106 affects Centreon Web up to version 2.8.29. The issue is disclosure of external components’ passwords, which authenticated attackers can use to move laterally to external components. The available connected records repeat the same description without adding new technical details (no...

CVE-2018-17106

In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the domkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname...

CVE-2018-17106

CVE-2018-17106 affects Tinyftp Tinyftpd 1.1. A buffer overflow in the text variable of the do_mkd function in ftpproto.c can allow an attacker to overwrite the saved base pointer (ebp) via a long pathname. This entry is documented across multiple ecosystems (NVD/NVD mirror, OSV, CVE lists) with t...

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. Recent assessments...

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...

CVE-2017-17106

CVE-2017-17106 affects Zivif PR115-204-P-RS V2.3.4.2103 Webcams. The vulnerability arises from a lack of authentication in CGI page requests (specifically /web/cgi-bin/hi3510/param.cgi?cmd=getuser), enabling an unauthenticated remote attacker to obtain credentials. Impact is credential disclosure...

Zivif Web Cameras Multiple Vulnerabilities

Implementation of access controls is Zivif cameras is severely lacking.As a result, CGI functions can be called directly, bypassing authentication checks. This was first identified with the following request CVE-2017-17106 http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this...

Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password

Attack vector: Remote Authentication: None Researcher: Silas Cutler p1nk Release date: December 10, 2017 Full Disclosure: 90 days CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 Vulnerable Device: Zivif PR115-204-P-RS Version: V2.3.4.2103 Timeline: 1 September 2017: Initial alerting to...