EUVD-2025-19631

Malicious code in bioql PyPI...

EUVD-2025-19644

Malicious code in bioql PyPI...

CVE-2025-34051

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...

CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

CVE-2025-34051

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...

CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

CVE-2025-34054

AVTECH DVR devices are affected by CVE-2025-34054, an unauthenticated command injection via Search.cgi?action=cgi_query. The vulnerability stems from using wget without input sanitization, allowing an attacker to inject shell commands through the username or queryb64str parameters and execute the...

CVE-2025-34051 AVTECH DVR Devices Server-Side Request Forgery

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...

CVE-2025-34051 AVTECH DVR Devices Server-Side Request Forgery

A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests...

CVE-2025-34051

CVE-2025-34051 describes a server-side request forgery in AVTECH DVR devices. The unauthenticated vulnerability targets /cgi-bin/nobody/Search.cgi?action=cgi_query and lets an attacker supply ip, port, and queryb64str to force the DVR to perform arbitrary HTTP requests, potentially leaking data o...

AVTECH DVR 安全漏洞

AVTECH DVR is a digital video recording host from AVTECH Corporation. A security vulnerability exists in AVTECH DVR that originates from a server-side request forgery in the unauthenticated /cgi-bin/nobody/Search.cgi endpoint, which could lead to the disclosure of sensitive data...

PT-2025-27539 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH DVR, NVR, and IP camera devices affected versions not specified Description: An OS command injection issue exists within the "adcommand.cgi" endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the...

PT-2025-27535 · Avtech · Avtech Dvr

Name of the Vulnerable Software and Affected Versions: AVTECH DVR devices affected versions not specified Description: A server-side request forgery issue exists in AVTECH DVR devices, exposing the "/cgi-bin/nobody/Search.cgi?action=cgi query" endpoint without authentication. An attacker can...

PT-2025-27538

Name of the Vulnerable Software and Affected Versions: AVTECH DVR devices affected versions not specified Description: An unauthenticated command injection issue exists in AVTECH DVR devices. This is due to the lack of input sanitization when using wget in the "Search.cgi?action=cgi query"...

AVTECH 744 DVR Account Information Retrieval

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVTECH 744 DVR Account Information Retrieval', 'Description' = %q This module will extract the account information from the AVTECH 744 DVR device...

VulnCheck KEV: CVE-2025-34054

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence...

AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ AVTECH DVR multiple vulnerabilities 1. Advisory Information Title: AVTECH DVR multiple vulnerabilities Advisory ID: CORE-2013-0726 Advisory URL:...

EUVD-2013-4825

Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service device crash and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers paramete...