180 matches found
CVE-2019-18339
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The HTTP service default port 5401/tcp of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network...
CVE-2019-18339
CVE-2019-18339 affects SiNVR/SiVMS Video Server before version 5.0.0. The HTTP service on port 5401/tcp exposes an authentication bypass vulnerability, allowing a remote attacker with network access to read the user database (passwords in obfuscated cleartext). Red Hat and NVD entries confirm the...
PT-2019-15359 · Siemens · Control Center Server +1
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 SiNVR/SiVMS Video Server versions prior to V5.0.0 Description: A vulnerability has been identified where the SiVMS/SiNVR Video Server and the Control Center Server CCS store user and device...
PT-2019-15357 · Sinvr · Sinvr 3 Central Control Server +2
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 SiNVR 3 Central Control Server CCS all versions SiNVR 3 Video Server all versions Description: A directory traversal vulnerability has been identified in the XML-based communication protocol ...
PT-2019-15358 · Siemens · Sinvr/Sivms Video Server
Name of the Vulnerable Software and Affected Versions: SiNVR/SiVMS Video Server versions prior to V5.0.0 Description: A vulnerability has been identified in the HTTP service of the SiVMS/SiNVR Video Server, which contains an authentication bypass issue. This allows a remote attacker with network...
Siemens SiNVR 3 Video Server Authentication Bypass Vulnerability
SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutsch land gmmbH and formerly distributed by Schille Informationssysteme gmmbH. An authentication bypass vulnerability exists in the HTTP service default port 5401/tcp of the Siemens SiNVR 3 Video Server. A...
Siemens and PKE SiNVR, SiVMS Video Server (Update A)
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens and PKE Equipment: SiNVR, SiVMS Video Servers Vulnerabilities: Missing Authentication for Critical Function, Weak Cryptography for Passwords...
The vulnerability of Pelco Endura video server microprogramming software, related to access control errors, allows intruders to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Pelco Endura video server microprogramming software is related to access control errors. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of protected information by using specially...
CVE-2018-15430
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...
Ubiquiti Inc.: UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise
The UniFi Video Server for Windows web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the...
Ubiquiti Inc.: UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise
In UniFi Video Controller 3.9.3 and prior, an user with administrator privileges can restore the configuration using a specially crafted zip file. Due to the lack of validation for path transversal, the user can upload arbitrary files to arbitrary locations...
Ubiquiti Inc.: UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
In UniFi Video 3.10.0, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page...
Geovision Inc. IP Camera / Video Server Remote Command Execution
!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...
Geovision Inc. IP Camera & Video - Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...
Geovision Inc. IP Camera Video - Remote Command Execution
Geovision Inc. IP Camera Video - Remote Command Execution !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...
Geovision Inc. IP Camera & Video - Remote Command Execution
!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...
Axis Devices Detection (FTP)
FTP based detection of Axis devices. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...
CVE-2016-1444
The Mobile and Remote Access MRA component in Cisco TelePresence Video Communication Server VCS X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601...
AXIS 2400+ Blade Video Server /view/view.shtml 越权访问漏洞
No description provided by source...
Ubiquiti Inc.: UniFi Video Server - Broken access control on system configuration
In UniFi Video Server prior to 3.7.0, an attacker with user permissions can download the Backup and Support files...