138 matches found
[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-test-0.2.0-12.20210108git9767d20.fc36
Toml-test is a higher-order program that tests other TOML decoders or encoder s. The goal is to make it comprehensive. Tests are divided into two groups: inva lid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...
[SECURITY] Fedora 36 Update: golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc36
Toml-test is a higher-order program that tests other TOML decoders or encoder s. The goal is to make it comprehensive. Tests are divided into two groups: inva lid TOML data and valid TOML data. Decoders that reject invalid TOML data pass invalid TOML tests. Decoders that accept valid TOML data an...
Bosch Video Security Code Injection Vulnerability
Bosch Video Security is a video security system from Bosch, Germany. Used to connect to Bosch Ip cameras and encoders from around the world, experience instant video playback, full access to your recordings, forensic search of cameras with Bosch video analytics support, and smooth control of Ptz...
com.adaptrex:adaptrex-core (>=0.9.13 <=1.0-Alpha3), com.adaptrex:adaptrex-sandbox-core (>=0.9.13 <=1.0-Alpha3) +82 more potentially affected by CVE-2022-24289 via org.apache.cayenne:cayenne-server (>=3.0M4 <=4.1.RC2)
org.apache.cayenne:cayenne-server MAVEN version =3.0M4, =0.9.13, =0.9.13, =0.9.13, =0.9.13, =0.12, =0.8, =0.6, =1.6, =1.7, =1.7, =1.14, =1.23, =2.11, =2.10, =0.6.0.2, =0.7.3 and more Source cves: CVE-2022-24289 Source advisory: OSV:GHSA-C58C-W527-H77P...
Php-Malware-Finder - Detect Potentially Malicious PHP Files
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools...
Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
An open-source Go project to test different web application firewalls WAF for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let's say you defined 2 payloads, 3 encoders Base64, JSON, and...
[SECURITY] Fedora 32 Update: mingw-flac-1.3.3-1.fc32
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...
VulnCheck KEV: CVE-2020-24217
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to...
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS) Exploit
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...
HiSilicon Video Encoder Backdoor Password
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...
HiSilicon Video Encoders - Full admin access via backdoor password
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: https://www.szuray.com/ Software Link: N/A Version: up to 1.97 Tested on: Linux CVE: CVE-2020-24219 Vendors: URayTech...
CVE-2020-24216
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...
CVE-2020-24217
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to...
CVE-2020-24218
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...
CVE-2020-24219
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with t...
CVE-2020-24218
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...
Hardcoded credentials
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...