📄 AnyCommand 1.2.7 Unauthenticated Live Desktop Stream Access

AnyCommand 1.2.7 exposes a live MJPEG screen stream at http://target:8081/stream without access control. Unauthenticated attackers can directly access and view the victim’s live screen feed without triggering any prompts or requiring a valid session. Exploit Title: AnyCommand 1.2.7 -...

📄 Remote for Windows 2024.15 Desktop Stream Disclosure

Remote for Windows version 2024.15 has a vulnerability that allows any unauthenticated attacker to access a real-time H.264 stream of the victim’s Windows/Mac desktop. This is achieved by querying the /api/getVersion endpoint to retrieve the liveview.port, and then opening a TCP connection to tha...