88 matches found
Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload
Samsung NVR Recorder SRN-1670D is a high performance network video recorder. An arbitrary file upload vulnerability was found in the Web Viewer component, which could allow an authenticated user to upload a PHP payload to get code execution. Recent assessments: jvazquez-r7 at September 12, 2019...
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
Exploit Title: Virtual Postage VPA - Remote Code Execution via MITM Date: 20/Jul/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a2.virtualpostage.com http://archive.is/EdtJT Software Link: N/A Screenshot: N/A Version: 1.0 Tested on: Android 4.1.0 Google API...
SonicDICOM PACS 2.3.2 - Cross-Site Scripting
SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewe...
CVE-2015-8281
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations...
CVE-2015-8280
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages...
CVE-2015-8279
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...
Default credentials
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages...
Design/Logic Flaw
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations...
Design/Logic Flaw
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...
CVE-2015-8281
CVE-2015-8281 affects Samsung SRN-1670D Web Viewer 1.0.0.193. The root cause is a weak, custom encryption scheme based on XOR operations, enabling a remote attacker to bypass filesystem encryption and access arbitrary files (unauthenticated, per the NVD CVSSv3/7.8 base). Connected sources also in...
CVE-2015-8281
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations...
CVE-2015-8280
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages...
CVE-2015-8279
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...
CVE-2015-8279
CVE-2015-8279 affects Samsung SRN-1670D Web Viewer 1.0.0.193, enabling remote arbitrary file read via an unspecified PHP script. Connected records link this to credential exposure through cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw, and to later modules describing chained access ...
CVE-2015-8280
CVE-2015-8280 affects Samsung SRN-1670D Web Viewer 1.0.0.193. The issue is information disclosure: remote attackers can discover credentials by reading detailed error messages, per NVD entry. Other sources (CERT/CC) indicate no practical solution known and note the model is no longer supported; n...
Debian: Security Advisory (DSA-3137-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-3586
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...
Authentication flaw
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie...
Information disclosure
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving 1 direct access to a file or 2 the user-setup web page...
Samsung Web Viewer for Samsung DVR allows authentication bypass and password disclosure
Overview Samsung Web Viewer for Samsung DVR contains multiple vulnerabilities including: Cleartext Storage in a File or on Disk CWE-313 and Authentication Bypass by Assumed-Immutable Data CWE-302. Description CWE-313: Cleartext Storage in a File or on Disk - CVE-2013-3585Web Viewer for Samsung DV...