Lucene search
K

180 matches found

Hacker One
Hacker One
added 2016/04/10 12:2 p.m.21 views

Ubiquiti Inc.: UniFi Video Server - Arbitrary file upload as SYSTEM

In UniFi Video Server prior to 3.3.0, due to lack of filename verification, it was possible to upload files to arbitrary locations using a especially crafted HTTP request. The exploit require valid credentials and is only exploitable in the Windows version...

3.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/11/30 12:0 a.m.14 views

Air Video Server Detection

Binary data 9808.prm...

7.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/10/29 12:0 a.m.7 views

The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows a intruder to read arbitrary files.

The vulnerability of the Microprogramming Software of the Cisco TelePresence Video Communication Server exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating locally, to read arbitrary files...

6.9CVSS5.6AI score0.00355EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2015/10/02 12:0 a.m.54 views

Bosch Security Systems Dinion NBN-498 XML Injection

Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...

9.7AI score0.05347EPSS
Exploits5
exploitpack
exploitpack
added 2015/10/01 12:0 a.m.60 views

Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection

Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...

7.5CVSS9.9AI score0.05347EPSS
Exploits5
Exploit DB
Exploit DB
added 2015/10/01 12:0 a.m.54 views

Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection

Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...

9.8CVSS9.7AI score0.05347EPSS
Exploits5
NVD
NVD
added 2015/09/26 1:59 a.m.24 views

CVE-2015-6454

Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service incorrect pointer dereference and daemon crash via a crafted packet...

5CVSS6.6AI score0.02509EPSS
Exploits0References1
CVE
CVE
added 2015/09/25 1:0 a.m.49 views

CVE-2015-6454

CVE-2015-6454 affects PeakHMI prior to 8.7.0.2. When the video server is enabled, a crafted packet can trigger an untrusted pointer dereference, leading to a remote denial of service (daemon crash). Affected product: PeakHMI (industrial control systems) prior to version 8.7.0.2. Impact: remote cr...

5CVSS6.8AI score0.02509EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/01/15 12:0 a.m.4 views

Cisco TelePresence Video Communication Server/Expressway Denial of Service Vulnerability

Cisco TelePresence Video Communication Server is a video conferencing solution that integrates h.323 and SIP. A denial of service vulnerability exists in Cisco TelePresence Video Communication Server/Expressway, which allows remote attackers to launch denial of service attacks via crafted SIP...

5CVSS6.8AI score0.0202EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Axis Communications Video Server 2.x Command.CGI File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6987/info It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Seyeon FlexWATCH Network Video Server 2.2 Unauthorized Administrative Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8942/info It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to the system. The problem is reported to presen...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Axis Network Camera 2.x And Video Server 1-3 HTTP Authentication Bypass

No description provided by source. source: http://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Ezhometech Ezserver 6.4 Stack Overflow Exploit

No description provided by source. Exploit Title: Ezhometech EzServer =6.4 Stack Overflow Vulnerability Author: modpr0be Contact: researchatSpenteradotcom Platform: Windows Tested on: Windows XP SP3 OptIn, Windows 2003 SP2 OptIn Software Link: http://www.ezhometech.com/buyezserver.htm References:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Axis Network Camera 2.x And Video Server 1-3 virtualinput.cgi Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/11011/info 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

axis network camera 2.x and video server 1-3 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11011/info A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authentication checks and gives anonymous user...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Axis Communications HTTP Server 2.x Messages Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6980/info It has been reported that the Axis Video Server does not properly secure sensitive information. Because of this, an attacker may be able to gather details about server operation and traffic that could lead to...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/06/25 12:0 a.m.46 views

ZoneMinder Video Server packageControl Command Execution (CVE-2013-0232)

A code execution vulnerability has been reported in ZoneMinder. The vulnerability is due to flaw in the index.php script that is triggered when user supplied input used in the /includes/actions.php file is passed from the 'runeState' parameter to the 'packageControl, which calls exec with user...

1.5AI score0.47895EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/01/21 12:0 a.m.11 views

Multiple IP Video/Camera Server Default Admin Credentials (HTTP)

The remote IP Video/Camera server web interface is using known default credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

5.5AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/03/20 3:55 p.m.28 views

CVE-2013-0232

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...

7.5CVSS6.2AI score0.47895EPSS
Exploits2References3
OSV
OSV
added 2013/03/20 3:55 p.m.11 views

CVE-2013-0232

includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...

7.5AI score
Exploits0References7
Rows per page
Query Builder