Lucene search
K

94 matches found

Snyk
Snyk
added 2025/11/03 9:48 p.m.4 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Web UI. An attacker can execute arbitrary system commands by supplying crafted input to configuration fields such as imagefilename and moviefilename, that are written directly to...

8.6CVSS6AI score0.18993EPSS
Exploits17References3
OSV
OSV
added 2025/11/03 9:48 p.m.6 views

GHSA-J945-QM58-4GJX motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

7.2CVSS8.6AI score0.18993EPSS
Exploits17References4
Github Security Blog
Github Security Blog
added 2025/11/03 9:48 p.m.14 views

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

7.2CVSS8.6AI score0.18993EPSS
Exploits17References4Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2025/10/17 6:48 p.m.7 views

Metasploit Wrap-Up 10/17/2025

New module content 1 Remote Code Execution Vulnerability in MotionEye Frontend CVE-2025-60787 Authors: Maksim Rogov and prabhatverma47 Type: Exploit Pull request: 20585 contributed by vognik Path: linux/http/motioneyeauthrcecve202560787 AttackerKB reference: CVE-2025-60787 Description: Adds a...

7.2CVSS7.4AI score0.18993EPSS
Exploits17
Metasploit
Metasploit
added 2025/10/10 6:57 p.m.1002 views

Remote Code Execution Vulnerability in MotionEye Frontend (CVE-2025-60787)

This module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to MotionEye Frontend configuration files,...

7.2CVSS6.1AI score0.18993EPSS
Exploits17
Packet Storm
Packet Storm
added 2025/10/10 12:0 a.m.164 views

📄 MotionEye Frontend 0.43.1b4 Remote Code Execution

This Metasploit module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS command injection in configuration parameters such as imagefilename. Unsanitized user input is written to MotionEye Frontend...

7.2CVSS8.5AI score0.18993EPSS
Exploits17
RedhatCVE
RedhatCVE
added 2025/10/07 5:35 p.m.6 views

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

7.2CVSS7.8AI score0.18993EPSS
Exploits17References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-32306

Malicious code in bioql PyPI...

7.2CVSS6.6AI score0.18993EPSS
Exploits17References3
OSV
OSV
added 2025/10/03 6:31 p.m.3 views

GHSA-26F6-WM47-7H7J Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j945-qm58-4gjx. This link is maintained to preserve external references. Original Description MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilenam...

7.2CVSS7.8AI score0.18993EPSS
Exploits17References3
Github Security Blog
Github Security Blog
added 2025/10/03 6:31 p.m.12 views

Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j945-qm58-4gjx. This link is maintained to preserve external references. Original Description MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilenam...

7.2CVSS7.8AI score0.18993EPSS
Exploits17References4Affected Software1
NVD
NVD
added 2025/10/03 4:16 p.m.8 views

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

7.2CVSS0.18993EPSS
Exploits17References1
GithubExploit
GithubExploit
added 2025/10/03 3:20 p.m.648 views

Exploit for CVE-2025-60787

CVE-2025-60787 CVE-2025-60787 Poc - RCE - MotionEye = 0.43...

8.6AI score0.18993EPSS
Exploits17
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.4 views

PT-2025-40530

Name of the Vulnerable Software and Affected Versions MotionEye versions 0.43.1b4 and earlier Description MotionEye is susceptible to a command injection issue that allows attackers to achieve Remote Code Execution RCE. The vulnerability arises because MotionEye writes user-supplied values direct...

7.2CVSS6.1AI score0.18993EPSS
Exploits17References18
OSV
OSV
added 2025/10/03 12:0 a.m.7 views

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

7.2CVSS7.9AI score0.18993EPSS
Exploits17References3
Vulnrichment
Vulnrichment
added 2025/10/03 12:0 a.m.5 views

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

7.5AI score0.18993EPSS
Exploits17References1
CVE
CVE
added 2025/10/03 12:0 a.m.200 views

CVE-2025-60787

Summary: CVE-2025-60787 affects MotionEye versions ≤ 0.43.1b4, enabling OS Command Injection via unsanitized configuration fields such as image_file_name written to /etc/motioneye/camera-*.conf. On restart, the vulnerable Motion process parses these fields as shell commands, leading to Remote Cod...

7.2CVSS7.5AI score0.18993EPSS
Exploits17References1Affected Software1
CNNVD
CNNVD
added 2025/10/03 12:0 a.m.22 views

MotionEye 安全漏洞

motionEye is a daemon web front-end for motionEye open source. A security vulnerability exists in MotionEye v0.43.1b4 and earlier versions, which stems from a configuration parameter that is not cleaned of user input and could lead to an OS command injection attack...

7.2CVSS6.9AI score0.18993EPSS
Exploits17References2
Cvelist
Cvelist
added 2025/10/03 12:0 a.m.16 views

CVE-2025-60787

MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilename. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted...

0.18993EPSS
Exploits17References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:6 a.m.4 views

CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS6.5AI score0.06829EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/16 4:9 p.m.12 views

CVE-2025-47782

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

9.3CVSS7.3AI score0.00407EPSS
Exploits0References1
Rows per page
Query Builder