340 matches found
GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability
Summary A guessable session cookie vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. Confirmed...
GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...
GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities
Summary Multiple exploitable reflected cross-site scripting XSS vulnerabilities exist in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to...
GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability
Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...
GeoVision GV-VMS V20 WebCam Server stack overflow vulnerabilities
Summary Multiple exploitable stack overflow vulnerabilities exist in the WebCam Server functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities...
GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...
GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
Summary A stack overflow vulnerability exists in the WebCam Server Login functionality of GV-VMS V20 versions: 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Confirmed Vulnerable...
CVE-2026-7841
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
CVE-2026-7371
Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...
CVE-2026-42366
Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...
CVE-2026-42365
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability...
CVE-2026-42363
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...
CVE-2026-7841
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
CVE-2026-7841
GV-ASWeb 6.2.0 contains a remote code execution via the ASWebCommon.srf backend when an authenticated user with System Setting permissions sends a crafted HTTP POST to bypass frontend restrictions. CVSSv3.1: 8.8 (HIGH), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Exploitation status is not provided in t...
CVE-2026-7841 GV-ASWeb Remote Code Execution (RCE) vulnerability
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
CVE-2026-7841 GV-ASWeb Remote Code Execution (RCE) vulnerability
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
CVE-2026-7841
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
EUVD-2026-27546
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
Geovision GV-ASWeb 代码注入漏洞
Geovision GV-ASWeb is a web-based software developed by Geovision Corporation. It is used for remote access and configuration of the GV-ASManager’s database. Version 6.2.0 of Geovision GV-ASWeb contains a code injection vulnerability. This vulnerability stems from a remote code execution issue in...
PT-2026-37354
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...