180 matches found
Cisco Expressway Series and Cisco TelePresence Video Communication Server Memory Exhaustion Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco Corporation.Cisco Expressway Series is an advanced collaboration gateway for unified communications.Cisco TelePresence Video Communication Server is a video communication server. The Cisco...
The vulnerability of the VPort 461 Series video server arises from the lack of measures to neutralize special elements used in operating system teams, allowing a hacker to execute arbitrary code.
The vulnerability of the VPort 461 Series video server is related to the lack of measures to neutralize special elements used in operating system teams. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Central Control Server (CCS) and the Video Server of Siemens’ SiNVR 3 solution, related to the unencrypted storage of user credentials, allows a intruder to gain unauthorized access to users’ credentials.
The vulnerability of the Central Control Server CCS and the Video Server of Siemens’ SiNVR 3 solution for video management involves unencrypted storage of user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to users’...
The vulnerability of the Central Control Server (CCS) and the Video Server of Siemens’ SiNVR 3 solution, related to the lack of measures for cleaning input data, allows a intruder to inject malicious code into the web application of the Central Control Server.
The vulnerability of the Central Control Server CCS and the video server of Siemens’ SiNVR 3 solution relates to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to inject malicious code into the web application of the Central Control Server...
Weak Password Vulnerability in Network Video Server of Longchamp Cintron
Ltd. is a provider of products and application solutions in the field of network video surveillance in China. A weak password vulnerability exists in the network video server, which can be exploited by an attacker to log in to the backend of the system...
CVE-2020-8144
The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...
CVE-2020-8145
The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...
CVE-2020-8144
The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...
CVE-2020-8145
The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...
Design/Logic Flaw
The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...
Design/Logic Flaw
The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...
CVE-2020-8145
The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...
CVE-2020-8145
CVE-2020-8145 affects the UniFi Video Server (Windows) web interface. The vulnerability is in the backup and wizard configuration-restore endpoints, which do not perform sufficient privilege checks. Low-privilege users (PUBLIC_GROUP or CUSTOM_GROUP) can access these endpoints and overwrite the cu...
CVE-2020-8144
The CVE-2020-8144 issue affects UniFi Video Server v3.9.3 and earlier on Windows (x64) where the firmware update mechanism does not validate the download destination, allowing a crafted ..\ sequence to cause the firmware file to be saved outside the intended directory. This path traversal could e...
CVE-2020-8144
The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...
Siemens SiNVR 3 Insufficient Records Vulnerability
SiNVR 3 is a video management platform.Central Control Server CCS is the central control server and Video Server is the video server. SiNVR 3 has an insufficient security operation logging vulnerability in the XML-based communication protocol implementation, which can be exploited by a remote...
CVE-2019-19299
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions = V5.0.0 = V5.0.2. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device camera passwords. This could allow an unauthenticated remote attacker to read...
CVE-2019-19297
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from...
CVE-2019-19296
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The two FTP services default ports 21/tcp and 5411/tcp of the SiVMS/SiNVR Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary fil...
CVE-2019-19291
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0, SiNVR/SiVMS Video Server All versions V5.0.0. The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server CCS maintain log files that store login credentials in cleartext. In configurations...