10 matches found
EUVD-2025-5495
Malicious code in bioql PyPI...
EUVD-2024-53444
Malicious code in bioql PyPI...
GeoVision GV-ASManager 6.1.1.0 - CSRF
Exploit Title: GeoVision GV-ASManager 6.1.1.0 - CSRF Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.1.0 or less Tested on: Windo...
CVE-2025-26264
GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...
CVE-2025-26264
GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...
CVE-2024-56901
A Cross-Site Request Forgery CSRF vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF...
CVE-2024-12553
CVE-2024-12553 concerns GeoVision GV-ASManager. The vulnerability exists in the GV‑ASWeb service and stems from a lack of authorization before accessing functionality, enabling a remote attacker to disclose stored credentials. Although authentication is required to exploit, attackers may rely on ...
GeoVision GV-VR360 and GV-VD8700 Path Traversal (CVE-2019-13408)
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. This plugin only works with Tenable.ot. Please visit...
Geo Vision (CVE-2019-11064)
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator's account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any...
PT-2024-8246
Name of the Vulnerable Software and Affected Versions GeoVision GV-VS12 versions GeoVision GV-VS11 versions GeoVision GV-DSP LPR V3 versions GeoVision GVLX 4 V2 versions GeoVision GVLX 4 V3 versions Description The issue is related to an OS Command Injection vulnerability in certain end-of-life E...