Honeywell IP-Camera HICC-1100PT - Local File Disclosure

Advisory Information ======================================== Title : Honeywell IP-Camera HICC-1100PT Local File Inclusion Vendor Homepage : https://www.asia.security.honeywell.com Remotely Exploitable : Yes Tested on Camera types : HICC-1100PT Reference :...

JVC IP-Camera VN-T216VPRU Credential Disclosure

Advisory Information ======================================== Title : JVC IP-Camera VN-T216VPRU Remote Credentials Disclosure Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types : VN-T216VPRU Product References :...

Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR Credential Disclosure

Advisory Information ======================================== Title : Vanderbilt IP-Camera CCPW3025-IR + CVMW3025-IR Remote Credentials Disclosure Vendor Homepage : https://is.spiap.com/ Remotely Exploitable : Yes Tested on Camera types : CCPW3025-IR , CVMW3025-IR Product References :...

C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass

Advisory Information ======================================== Title : C2S DVR Management Remote Credentials Disclosure & Authentication Bypass Vendor Homepage : http://www.cash2s.com/en/ Remotely Exploitable : Yes Tested on Camera types : IRDOME-II-C2S, IRBOX-II-C2S, DVR Vulnerabilities :...

JVC IP Camera VN-T216VPRU - Credentials Disclosure

Exploit for cgi platform in category web applications 1. Advisory Information ======================================== Title : JVC IP-Camera VN-T216VPRU Remote Credentials Disclosure Vendor Homepage : http://pro.jvc.com/ Remotely Exploitable : Yes Tested on Camera types : VN-T216VPRU Product...

Honeywell IP-Camera HICC-1100PT - Credentials Disclosure

Advisory Information ======================================== Title : Honeywell IP-Camera HICC-1100PT Unauthenticated Remote Credentials Disclosure Vendor Homepage : https://www.asia.security.honeywell.com Remotely Exploitable : Yes Tested on Camera types : HICC-1100PT Reference :...

Honeywell IP Camera HICC-1100PT - Credentials Disclosure

Exploit for cgi platform in category web applications 1. Advisory Information ======================================== Title : Honeywell IP-Camera HICC-1100PT Unauthenticated Remote Credentials Disclosure Vendor Homepage : https://www.asia.security.honeywell.com Remotely Exploitable : Yes Tested ...

Glibc DNS Resolver Vulnerability

A vulnerability in the GNU libc glibc DNS resolver allows remote code execution CVE-2015-7547. However, this issue can be exploited only from a DNS server that is under the control of an attacker. Ref 91886. This glibc issue is only exploitable by an attacker controlling the DNS server configured...

Netcore Router Udp 53413 Backdoor

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Netcore Router Udp 53413 Backdoor', 'Description' = %q Routers manufactured by Netcore, a popular brand for networking equipmen...

SAP SAPCAR - Multiple Vulnerabilities

SAP SAPCAR - Multiple Vulnerabilities 1. Advisory Information Title: SAP CAR Multiple Vulnerabilities Advisory ID: CORE-2016-0006 Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities Date published: 2016-08-09 Date of last update: 2016-08-09 Vendors contacted: SAP...

Use-after-free in service workers with nested sync events — Mozilla

Security researcher Looben Yang discovered a use-after-free vulnerability when working with nested sync event loops in Service Workers. He discovered a mechanism where scripts can close their own worker, which will then trigger a synchronization XMLHttpRequest on this now closed and released...

Use-after-free when using alt key and toplevel menus — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team reported a use-after-free vulnerability when the alt key is used in conjunction with toplevel menu items in Firefox. This results in a potentially exploitable crash when triggered. This vulnerability is mitigated by not...

Stack underflow during 2D graphics rendering — Mozilla

Georg Koppen of the Tor Project used the Address Sanitizer tool to discover a stack buffer underflow when calculating clipping regions in 2D graphics. This results in a potentially exploitable crash...

Type confusion in display transformation — Mozilla

Using the Address Sanitizer tool, security researcher Nils reported a type confusion flaw in display transformation during rendering due to incorrect bounds checking. This leads to a potentially exploitable crash and can be triggered by web content...

Integer overflow in WebSockets during data buffering — Mozilla

Security researcher Samuel Groß reported an integer overflow error in WebSockets during data buffering on incoming packets when an allocated buffer is resized incorrectly. This results in the buffer array holding the data being shrunk, instead of grown, resulting in attacker controlled data being...

Use-after-free in DTLS during WebRTC session shutdown — Mozilla

Security researcher Looben Yang reported a use-after-free vulnerability in WebRTC. This occurs during WebRTC session shutdown when DTLS objects in memory are freed while still actively in use. This results in a potentially exploitable crash...

Crash in incremental garbage collection in JavaScript — Mozilla

Security researcher Jukka Jylänki reported a use-after-free in JavaScript caused by how objects and pointers are handled during incremental garbage collection in some circumstances working with object groups. When triggered, this causes a potential exploitable crash but is mitigated by the...

AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector

Exploit for linux platform in category web applications Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products Authenticated Remote Command Execution via devtools vector + Vendor: AXIS Communications + Research and Advisory: Orwelllabs ...

AXIS Authenticated Remote Command Execution

/ \ / \ / \ / \ / \ / \ / \ / \ / \ / \ 0 | R | W | 3 | L | L | L | 4 | 8 | 5 / / / / / / / / / / www.orwelllabs.com security advisory olsa-2015-8257 PGP: 79A6CCC0 Advisory Information ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Title: AXIS Multiple Products...

CodoForum 3.2.1 - SQL Injection

Exploit for php platform in category web applications 1. Advisory Information ======================================== Title : CodoForum = 3.2.1 Remote SQL Injection Vulnerability Vendor Homepage : https://codoforum.com/ Remotely Exploitable : Yes Versions Affected : Prior to 3.2.1 Tested on :...