Shenzhen TVT Digital Technology Co. Ltd & OEM {DVR/NVR/IPC} API RCE

Subject: Shenzhen TVT Digital Technology Co. Ltd & OEM DVR/NVR/IPC API RCE Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Python PoC: https://github.com/mcw0/PoC/blob/master/TVT-PoC.py Release date: April 9,...

[Full-Disclosure] Icecast 2.0.0 preauth overflow

There exists a remotely exploitable heap overflow in Icecast 2.0.0. The bug exists in the handling of base64 Authorization request. This bug was found in about 40 seconds during a HTTP audit of the web component of Icecast with the fuzzer SMUDGE http://felinemenace.org/nd/SMUDGE/ People complaine...