180 matches found
Ubiquiti Inc.: UniFi Video Server - Arbitrary file upload as SYSTEM
In UniFi Video Server prior to 3.3.0, due to lack of filename verification, it was possible to upload files to arbitrary locations using a especially crafted HTTP request. The exploit require valid credentials and is only exploitable in the Windows version...
Air Video Server Detection
Binary data 9808.prm...
The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows a intruder to read arbitrary files.
The vulnerability of the Microprogramming Software of the Cisco TelePresence Video Communication Server exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating locally, to read arbitrary files...
Bosch Security Systems Dinion NBN-498 XML Injection
Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet:...
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface Date: 01/09/2015 Exploit Author: neom22 Vendor Homepage: http://us.boschsecurity.com Data Sheet: http://resource.boschsecurity.us/documents/DatasheetenUS9007201286798987.pdf Version: Hardware Firmware 4.54.0026 -...
CVE-2015-6454
Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service incorrect pointer dereference and daemon crash via a crafted packet...
CVE-2015-6454
CVE-2015-6454 affects PeakHMI prior to 8.7.0.2. When the video server is enabled, a crafted packet can trigger an untrusted pointer dereference, leading to a remote denial of service (daemon crash). Affected product: PeakHMI (industrial control systems) prior to version 8.7.0.2. Impact: remote cr...
Cisco TelePresence Video Communication Server/Expressway Denial of Service Vulnerability
Cisco TelePresence Video Communication Server is a video conferencing solution that integrates h.323 and SIP. A denial of service vulnerability exists in Cisco TelePresence Video Communication Server/Expressway, which allows remote attackers to launch denial of service attacks via crafted SIP...
Axis Communications Video Server 2.x Command.CGI File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6987/info It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of...
Seyeon FlexWATCH Network Video Server 2.2 Unauthorized Administrative Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8942/info It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to the system. The problem is reported to presen...
Axis Network Camera 2.x And Video Server 1-3 HTTP Authentication Bypass
No description provided by source. source: http://www.securityfocus.com/bid/11011/info A hardcoded backdoor administrative-user issue allows remote attackers to administer affected devices. This likely cannot be disabled. This issue is reported to affect: - Axis StorePoint CD E100 CD-ROM Server...
Ezhometech Ezserver 6.4 Stack Overflow Exploit
No description provided by source. Exploit Title: Ezhometech EzServer =6.4 Stack Overflow Vulnerability Author: modpr0be Contact: researchatSpenteradotcom Platform: Windows Tested on: Windows XP SP3 OptIn, Windows 2003 SP2 OptIn Software Link: http://www.ezhometech.com/buyezserver.htm References:...
Axis Network Camera 2.x And Video Server 1-3 virtualinput.cgi Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/11011/info 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other...
axis network camera 2.x and video server 1-3 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11011/info A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authentication checks and gives anonymous user...
Axis Communications HTTP Server 2.x Messages Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6980/info It has been reported that the Axis Video Server does not properly secure sensitive information. Because of this, an attacker may be able to gather details about server operation and traffic that could lead to...
ZoneMinder Video Server packageControl Command Execution (CVE-2013-0232)
A code execution vulnerability has been reported in ZoneMinder. The vulnerability is due to flaw in the index.php script that is triggered when user supplied input used in the /includes/actions.php file is passed from the 'runeState' parameter to the 'packageControl, which calls exec with user...
Multiple IP Video/Camera Server Default Admin Credentials (HTTP)
The remote IP Video/Camera server web interface is using known default credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...
CVE-2013-0232
includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 runState parameter in the packageControl function; or 2 key or 3 command parameter in the setDeviceStatusX10 function...