242 matches found
Hikvision NVR Buffer Overflow Vulnerability
The Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 are both hard disk recorders from Hikvision, a Chinese company. A buffer overflow vulnerability exists in the Hikvision NVRs. It allows an attacker to cause a denial of service service interruption via a crafted HTTP request i.e. SDK issue...
Elevation of Privilege Vulnerability in Multiple NUUO and NetGear Products
NUUO NVRmini 2 and NVRsolo are network video recorders.NetGear ReadyNAS Surveillance is a comprehensive IP video surveillance solution that integrates video surveillance software, storage, switching, and network management.NUUO Crystal is a Linux-based enterprise VMS Virtual Memory System NUUO...
NUUO NVRmini 2 Arbitrary Code Execution Vulnerability
NUUO provides a stable and high performance digital networked surveillance system. The NUUO NVRmini 2 suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to inject and execute arbitrary code with root privileges due to unauthenticated and hidden debug scrip...
NUUO Device Detection (HTTP)
HTTP based detection of NUUO devices. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.105855";...
NUUO Network Video Recorder Default Credentials (HTTP)
The remote NUUO Network Video Recorder web interface is using known default credentials. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vul
Exploit for hardware platform in category remote exploits Multiple vulnerabilities in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application Discovered by Pedro Ribeiro email protected, Agile Information Security http://www.agileinfosec.co.uk/...
NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
Multiple vulnerabilities in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application Discovered by Pedro Ribeiro [email protected], Agile Information Security http://www.agileinfosec.co.uk/ ==========================================================================...
TP-Link SC2020n Authenticated Telnet Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'TP-Link SC2020n Authenticated Telnet Injection', 'Description' = %q The TP-Link SC2020n Network Video Camera is vulnerable to O...
Netgear ReadyNAS Remote Code Execution
Unauthenticated Remote Command Execution in Netgear ReadyNAS Surveillance ========================================================================= Product Description =================== Netgear ReadyNAS Surveillance is a NVR Network Video Recorder available for Netgear NAS systems. Vulnerabilit...
Samsung SRN-1670D Weak Custom Encryption Algorithm Vulnerability
Samsung SRN-1670D is a network video recorder product. The Samsung SRN-1670D uses a weakly customizable encryption algorithm based on simple different-or operations, which allows remote attackers to exploit the vulnerability to obtain arbitrary files and user credentials...
Bosch Security Systems Dinion NBN-498 XML Injection
Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...
Seyeon FlexWATCH Network Video Server 2.2 Unauthorized Administrative Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8942/info It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to the system. The problem is reported to presen...
CVE-2013-0144
Cross-site request forgery CSRF vulnerability in cgi-bin/createuser.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action...
http-qnap-nas-info NSE Script
Attempts to retrieve the model, firmware version, and enabled services from a QNAP Network Attached Storage NAS device. Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline,...
Path traversal
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder NVR SP2 2.0 allow remote attackers to 1 create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or 2...
CVE-2007-4583
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder NVR SP2 2.0 allow remote attackers to 1 create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or 2...
CVE-2007-4582
CVE-2007-4582 describes a buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control (nvUnifiedControl.dll 1.1.45.0) used by ACTi Network Video Recorder (NVR) SP2 2.0. An attacker can trigger the overflow by passing a long second argument to the SetText method, enabling remote code...
CVE-2003-1160
FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes //...