Lucene search
+L

99 matches found

Github Security Blog
Github Security Blog
added 2026/06/22 5:11 p.m.11 views

motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

7.2CVSS5.8AI score0.18993EPSS
Exploits17References2Affected Software1
OSV
OSV
added 2026/06/22 5:11 p.m.5 views

GHSA-RHGP-6WQ6-9J67 motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/22 5:10 p.m.10 views

motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

Summary motionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediaconten...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 5:10 p.m.6 views

GHSA-G9FX-5R4H-PCW3 motionEye has an Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

Summary motionEye v0.43.1 latest stable is vulnerable to path traversal in the picture and movie API endpoints, like /picture/id/preview/filename. Neither the API handlers, nor the mediafiles.py functions like getmediapreview check for .. sequences in the filename parameter, except getmediaconten...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.39 views

PT-2026-51430

Name of the Vulnerable Software and Affected Versions motionEye version 0.43.1 Description An absolute path traversal issue exists in the picture and movie API endpoints, such as '/picture/id/preview/filename'. The vulnerability occurs because the API handlers and functions get media preview and...

6.5CVSS6AI score0.00418EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.20 views

PT-2026-51431

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...

5.5CVSS5.7AI score0.02902EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51445

Name of the Vulnerable Software and Affected Versions MotionEye affected versions not specified Description An authentication bypass occurs because the application improperly trusts client-controlled cookies. The server accepts the cookies meye username and meye password hash as sufficient...

9.1CVSS5.8AI score
Exploits0References7
Circl
Circl
added 2026/06/20 4:48 p.m.6 views

CVE-2026-46488

creationtimestamp| type| source ---|---|--- 2026-06-20 16:48:06+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-r3cw-c95m-wfh9...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/06/20 4:47 p.m.8 views

CVE-2026-31978

creationtimestamp| type| source ---|---|--- 2026-06-20 16:47:55+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-g9fx-5r4h-pcw3...

6.5CVSS5.8AI score0.00418EPSS
Exploits0References1
Circl
Circl
added 2026/06/20 4:47 p.m.12 views

CVE-2026-32315

creationtimestamp| type| source ---|---|--- 2026-06-20 16:47:31+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rhgp-6wq6-9j67 2026-06-24 23:13:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp324me4xg2i...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
Circl
Circl
added 2026/06/20 4:47 p.m.8 views

CVE-2026-55488

creationtimestamp| type| source ---|---|--- 2026-06-20 16:47:06+00:00| published-proof-of-concept| https://github.com/motioneye-project/motioneye/security/advisories/GHSA-rw9q-97r9-8gvh 2026-07-13 22:00:16+00:00| seen| https://t.me/GithubRedTeam/91371 2026-07-14 00:00:32+00:00| seen|...

8.7CVSS6.1AI score0.00623EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/04/16 4:40 p.m.313 views

ffensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS6.4AI score0.75197EPSS
Exploits29
GithubExploit
GithubExploit
added 2026/04/16 4:40 p.m.342 views

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS7.2AI score0.75197EPSS
Exploits29
GithubExploit
GithubExploit
added 2026/03/14 11:16 a.m.342 views

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 MotionEye v0.43.1b4 OS Command Injection A pr...

8.8CVSS5.9AI score0.18993EPSS
Exploits18
GithubExploit
GithubExploit
added 2026/03/08 4:1 a.m.189 views

Exploit for OS Command Injection in Motioneye_Project Motioneye

No d...

7.2CVSS5.8AI score0.18993EPSS
Exploits17
GithubExploit
GithubExploit
added 2026/03/08 1:47 a.m.250 views

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 - Authenticated RCE in motionEye PoC for CVE-...

7.2CVSS5.8AI score0.18993EPSS
Exploits17
GithubExploit
GithubExploit
added 2026/03/07 8:45 a.m.358 views

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787: Motioneye Remote Code Execution RCE !CVE...

7.2CVSS6AI score0.18993EPSS
Exploits17
GithubExploit
GithubExploit
added 2026/02/28 8:59 p.m.430 views

Exploit for OS Command Injection in Motioneye_Project Motioneye

CVE-2025-60787 Detection Rules Detection content for CVE-20...

7.2CVSS6.7AI score0.18993EPSS
Exploits17
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.402 views

📄 motionEye 0.43.1b4 Remote Command Injection

A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...

7.2CVSS6.1AI score0.18993EPSS
Exploits17
Exploit DB
Exploit DB
added 2026/02/11 12:0 a.m.284 views

motionEye 0.43.1b4 - RCE

Exploit Title: motionEye 0.43.1b4 - RCE Exploit PoC: motionEye RCE via client-side validation bypass safe PoC Filename: motioneyercepocedb.txt Author: prabhatverma47 Date tested: 2025-05-14 original test; prepared for submission: 2025-10-11 Affected Versions: motionEye = 0.43.1b4 Tested on: Debia...

7.2CVSS5.4AI score0.18993EPSS
Exploits17
Rows per page
Query Builder