50 matches found
PT-2022-27512 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified Description: The issue allows an attacker to enable or disable the SSHD service without authentication. This can be achieved by sending a crafted packet to the vulnerable interface after...
PT-2022-27506 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified Description: The issue concerns a vulnerability that allows an attacker to obtain encrypted MQTT credentials through an unauthenticated request by sending a crafted packet to the...
CVE-2022-30560
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash...
CVE-2022-30560
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash...
Code injection
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash...
CVE-2021-31616
Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.1.0 allow a stack buffer overflow via crafted messages. The overflow in ethereumextractThorchainSwapData in ethereum.c can circumvent stack protections and lead to code execution. The vulnerable interface is...
CVE-2019-10724
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520TZ370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642...
Logic Flaw Vulnerability in the Security Authentication of a Dahua Webcam Model
Zhejiang Dahua Technology Co., Ltd, is a video-centered intelligent IOT solution provider and operation service provider. A logic flaw vulnerability exists in the security authentication of a Dahua webcam model, which allows an attacker to forge packets and call the interface to execute arbitrary...
RANGER Studio Directus Code Execution Vulnerability (CNVD-2019-39679)
RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. A security vulnerability exists in the RANGER Studio Directus 7...
Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1107 Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP Platform: Windows 10 10586/14393 not tested 8.1 Update 2 Class: Elevation of Privilege Summary: When...