99 matches found
motionEye's World-Readable Configuration File Exposes Admin Password Hash
Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...
GHSA-RHGP-6WQ6-9J67 motionEye's World-Readable Configuration File Exposes Admin Password Hash
Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...
motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
Summary motionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediaconten...
GHSA-G9FX-5R4H-PCW3 motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
Summary motionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediaconten...
PT-2026-51430
Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description An absolute path traversal issue exists in the picture and movie API endpoints, such as '/picture/id/preview/filename'. The vulnerability occurs because the API handlers and functions get media preview and...
PT-2026-51431
Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...
PT-2026-51445
Name of the Vulnerable Software and Affected Versions MotionEye affected versions not specified Description An authentication bypass occurs because the application improperly trusts client-controlled cookies. The server accepts the cookies meye username and meye password hash as sufficient...
CVE-2026-46488
creationtimestamp| type| source ---|---|--- 2026-06-20 16:48:06+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-r3cw-c95m-wfh9...
CVE-2026-31978
creationtimestamp| type| source ---|---|--- 2026-06-20 16:47:55+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g9fx-5r4h-pcw3...
CVE-2026-32315
creationtimestamp| type| source ---|---|--- 2026-06-20 16:47:31+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rhgp-6wq6-9j67 2026-06-24 23:13:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp324me4xg2i...
CVE-2026-55488
creationtimestamp| type| source ---|---|--- 2026-06-20 16:47:06+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rw9q-97r9-8gvh 2026-07-13 22:00:16+00:00| seen| https://t.me/GithubRedTeam/91371 2026-07-14 00:00:32+00:00| seen|...
ffensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
ofensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
Exploit for OS Command Injection in Motioneye_Project Motioneye
CVE-2025-60787 MotionEye v0.43.1b4 OS Command Injection A pr...
Exploit for OS Command Injection in Motioneye_Project Motioneye
No d...
Exploit for OS Command Injection in Motioneye_Project Motioneye
CVE-2025-60787 - Authenticated RCE in motionEye PoC for CVE-...
Exploit for OS Command Injection in Motioneye_Project Motioneye
CVE-2025-60787: Motioneye Remote Code Execution RCE !CVE...
Exploit for OS Command Injection in Motioneye_Project Motioneye
CVE-2025-60787 Detection Rules Detection content for CVE-20...
📄 motionEye 0.43.1b4 Remote Command Injection
A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...
motionEye 0.43.1b4 - RCE
Exploit Title: motionEye 0.43.1b4 - RCE Exploit PoC: motionEye RCE via client-side validation bypass safe PoC Filename: motioneyercepocedb.txt Author: prabhatverma47 Date tested: 2025-05-14 original test; prepared for submission: 2025-10-11 Affected Versions: motionEye = 0.43.1b4 Tested on: Debia...