29 matches found
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
CVE-2021-27232
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage...
EUVD-2021-13962
Malware in sbrugna...
EUVD-2021-13951
Malware in sbrugna...
EUVD-2021-13997
Malware in sbrugna...
CVE-2021-27197
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page e.g., with...
CVE-2021-27232
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage...
CVE-2021-27232
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage...
Stack overflow
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage...
CVE-2021-27232
The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage...
CVE-2021-27232
The CVE concerns the RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464. The SetCameraConnectionParameter is described as a stack-based buffer overflow, enabling a remote attacker to potentially execute arbitrary attacker-supplied code. Exploitation requires a victim to ...
CVE-2021-27197
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page e.g., with...
CVE-2021-27197
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page e.g., with...
Arbitrary file deletion
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page e.g., with...
CVE-2021-27197
DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability. The AppendToTextFile method doesn't check if it's being called from the application or from a malicious user. The vulnerability is triggered when a remote attacker crafts an HTML page e.g., with...
CVE-2021-27197
CVE-2021-27197 affects Pelco Digital Sentry Server prior to 7.19.67, where DSUtility.dll exposes an arbitrary file write via AppendToTextFile. The vulnerability is exploitable when a remote attacker crafts a malicious HTML page (e.g., with OBJECT classid and VBScript) to overwrite arbitrary files...
Pelco Digital Sentry Server Access Control Error Vulnerability
An access control error vulnerability exists in Pelco Digital Sentry Server before 7.19.67 that allows arbitrary file writes...
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
Xxe
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 is vulnerable to XML External Entity (XXE) processing in DSControlPoint.exe when parsing ControlPointCacheShare.xml in %APPDATA% Pelco, enabling disclosure of arbitrary data on the affected node via an out-of-band (OOB) attack. Root cause is unsanitized i...