Lucene search
K

68 matches found

NVD
NVD
added 2023/03/24 10:15 p.m.24 views

CVE-2023-27055

Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...

7.5CVSS7.4AI score0.00747EPSS
Exploits1References1
Prion
Prion
added 2023/03/24 10:15 p.m.17 views

Design/Logic Flaw

Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...

5CVSS7.4AI score0.00747EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.4 views

PT-2023-20919 · Aver Information · Ptzapp2

Name of the Vulnerable Software and Affected Versions: Aver Information Inc PTZApp2 version 20.01044.48 Description: The issue allows attackers to access sensitive files via a crafted GET request. Recommendations: For Aver Information Inc PTZApp2 version 20.01044.48, consider restricting access t...

7.5CVSS6.8AI score0.00747EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.4 views

AVer Information PTZApp 路径遍历漏洞

AVer Information PTZApp is an innovative freeware with an upgrade interface from AVer Information China. It is used to control AVer USB cameras. A security vulnerability exists in AVer Information PTZApp version v20.01044.48. An attacker has exploited the vulnerability to access sensitive files v...

7.5CVSS7.3AI score0.00747EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/24 12:0 a.m.6 views

CVE-2023-27055

Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...

7.4AI score0.00747EPSS
Exploits1References1
CVE
CVE
added 2023/03/24 12:0 a.m.55 views

CVE-2023-27055

The CVE-2023-27055 issue affects Aver Information PTZApp2 prior to update 2.0.1051.53. Affected software exposes a directory traversal (path traversal) vulnerability in the web UI running on localhost, permitting an attacker to read sensitive files via a crafted GET request. Root cause is insuffi...

7.5CVSS7.3AI score0.00747EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/03/24 12:0 a.m.34 views

CVE-2023-27055

Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request...

7.6AI score0.00747EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2021/12/21 12:0 a.m.357 views

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all multipoint video conferencing systems contains multiple advanced features that are not well documented: 1. The web admin server...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/12/21 12:0 a.m.469 views

Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets Vulnerability

Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass. Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2016/09/27 12:0 a.m.45 views

AVer Information EH6108H+ Authentication Bypass / Inforation Exposure

Vulnerability Note VU667480 AVer Information EH6108H+ hybrid DVR contains multiple vulnerabilities https://www.kb.cert.org/vuls/id/667480 Overview: AVer Information EH6108H+ hybrid DVR, version X9.03.24.00.07l and possibly earlier, reportedly contains multiple vulnerabilities, including...

10CVSS0.0258EPSS
Exploits2
NVD
NVD
added 2016/09/19 1:59 a.m.23 views

CVE-2016-6537

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...

7.5CVSS7.3AI score0.01258EPSS
Exploits2References2
OSV
OSV
added 2016/09/19 1:59 a.m.5 views

CVE-2016-6537

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...

7.5CVSS5.8AI score0.01258EPSS
Exploits2References2
OSV
OSV
added 2016/09/19 1:59 a.m.6 views

CVE-2016-6536

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

9.8CVSS5.8AI score0.0258EPSS
Exploits2References2
NVD
NVD
added 2016/09/19 1:59 a.m.19 views

CVE-2016-6536

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

10CVSS9.5AI score0.0258EPSS
Exploits2References2
NVD
NVD
added 2016/09/19 1:59 a.m.23 views

CVE-2016-6535

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session...

10CVSS9.4AI score0.02305EPSS
Exploits2References2
Prion
Prion
added 2016/09/19 1:59 a.m.21 views

Format string

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings...

5CVSS6.6AI score0.01258EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2016/09/19 1:59 a.m.19 views

Hardcoded credentials

AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session...

10CVSS7.4AI score0.02305EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2016/09/19 1:59 a.m.22 views

Design/Logic Flaw

The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value...

10CVSS7.5AI score0.0258EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2016/09/19 1:0 a.m.54 views

CVE-2016-6537

The CVE-2016-6537 entry relates to AVer Information EH6108H+ devices (firmware X9.03.24.00.07l and possibly earlier) that store passwords in base64 and expose credentials in HTTP cookies, enabling information exposure. Connected sources corroborate multiple vulnerabilities in the EH6108H+ DVR: ha...

7.5CVSS7.7AI score0.01258EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2016/09/19 1:0 a.m.52 views

CVE-2016-6536

The CVE-2016-6536 issue affects AVer Information EH6108H+ hybrid DVRs (firmware X9.03.24.00.07l and possibly earlier). The vulnerability enables remote attackers to bypass page-access restrictions or modify passwords by guessing the handle parameter value on the web interface /setup page, potenti...

10CVSS9.4AI score0.0258EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder