CVE-2021-47945

CVE-2021-47945 affects Argus Surveillance DVR 4.0 through an unquoted service path in the DVRWatchdog service. The root cause is the unquoted binary path, enabling a local attacker to escalate privileges by placing a malicious executable in the Program Files directory, which the service will exec...

The Shocking Secrets of Madison Square Garden’s Surveillance Machine

Famously vengeful Knicks owner Jim Dolan has long spied on people at his iconic arenas. WIRED goes deep inside the operation that allegedly tracked a trans woman, lawyers, protesters, and more...

PT-2026-24005

Name of the Vulnerable Software and Affected Versions Tiandy Video Surveillance System version 7.17.0 Description A security issue exists in Tiandy Video Surveillance System that allows for unrestricted file uploads. This is due to the manipulation of the fileName argument within the uploadFile...

Tiandy Video Surveillance System 代码问题漏洞

Tiandy Video Surveillance System is a video monitoring system developed by Tiandy Company in China. Version 7.17.0 of Tiandy Video Surveillance System has a code vulnerability. This vulnerability stems from incorrect handling of the parameter fileName in the file...

Exploit for CVE-2024-51482

Security Research: Multi-Stage Exploitation of Web-Based Surve...

CVE-2026-2985 Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

CVE-2026-2985

CVE-2026-2985 affects Tiandy Video Surveillance System 7.17.0. The flaw resides in the downloadImage function of /com/tiandy/easy7/core/bo/CLSBODownLoad.java, where manipulating the urlPath argument enables server-side request forgery. The vulnerability can be exploited remotely, with public expl...

CVE-2026-2985 Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

Tiandy Video Surveillance System 代码问题漏洞

Tiandy Video Surveillance System is a video monitoring system developed by Tiandy Company in China. Version 7.17.0 of Tiandy Video Surveillance System has a code vulnerability. This vulnerability stems from improper handling of the parameter urlPath in the...

PT-2026-21514

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible...

EUVD-2009-5042

Malware in sbrugna...

Development and Analysis of a Secured VoIP System for Surveillance Activities

Since the 1990s, the telephone has been the primary mode of communication. However, Voice over Internet Protocol VoIP, which is a highly straightforward and affordable form of data transfer, is now becoming an important part of daily communication. VoIP is the technology that makes it possible to...

The vulnerability of the server of the surveillance and recording system for AXIS Camera Station Pro allows a intruder to create or modify arbitrary files.

The vulnerability of the surveillance and recording system server for AXIS Camera Station Pro relates to improper external management of file names or files. Exploiting this vulnerability can allow attackers to create or modify arbitrary files...

SQL Injection Vulnerability in DSS Digital Surveillance System of Zhejiang Dahua Technology Co.

DSS Digital Surveillance System is a security video surveillance system with real-time monitoring, PTZ operation, video playback, alarm processing, device management and other functions. DSS Digital Surveillance System of Zhejiang Dahua Technology Co., Ltd. suffers from SQL injection vulnerabilit...

CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

The vulnerability of the graphical interface of the microprogramming software for the FortiRecorder surveillance system allows a intruder to read arbitrary files.

The vulnerability of the graphical interface of the microprogramming software for the video surveillance system FortiRecorder is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files by sending specially...

SQL Injection Vulnerability in Digital Surveillance System of Zhejiang Dahua Technology Co. Ltd (CNVD-2024-42251)

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. A SQL injection vulnerability exists in Digital Surveillance System of Zhejiang Dahua Technology Co. Ltd, which can be exploited by an attacker to obtain sensitive information from the databa...

C-MOR Video Surveillance 5.2401 / 6.00PL01 Command Injection

Advisory ID: SYSS-2024-030 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: OS Command Injection CWE-78 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution...

The vulnerability of the CORS (Cross-Origin Resource Sharing) mechanism in the exacqVision Web Service web interface of the exacqVision surveillance system allows attackers to circumvent security restrictions and execute cross-origin attacks.

The vulnerability of the CORS Cross-Origin Resource Sharing mechanism in the exacqVision Web Service web interface of the video surveillance system exists due to incorrect processing of the HTTP header “Origin”. Exploiting this vulnerability allows a malicious actor to bypass security restriction...

File Upload Vulnerability in Digital Surveillance System of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in Digital Surveillance System of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to upload malicio...