94 matches found
PYSEC-2022-43141
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
CVE-2022-25568
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
CVE-2022-25568
Summary of CVE-2022-25568 (MotionEye) : MotionEye versions 0.42.1 and earlier allow unauthenticated attackers to retrieve sensitive configuration data via a GET to /config/list when a regular user password is not configured. The risk arises from insufficient access controls on the /config/list en...
CVE-2022-25568
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
PT-2022-17371 · Motioneye · Motioneye
Name of the Vulnerable Software and Affected Versions: MotionEye versions 0.42.1 and below Description: The issue allows attackers to access sensitive information via a GET request to "/config/list". To exploit this, a regular user password must be unconfigured. Recommendations: For MotionEye...
MotionEye-Project MotionEye 信息泄露漏洞
MotionEye-Project MotionEye is a web-based motion front-end from the individual developer Calin Crisan. A security vulnerability exists in MotionEye-Project MotionEye v0.42.1 and prior versions, which stems from the application's lack of permissions restriction and filtering for GET requests to...
GHSA-M2C7-42RF-C62F Unrestricted Upload of File with Dangerous Type in motionEye
motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...
Unrestricted Upload of File with Dangerous Type in motionEye
motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...
CVE-2021-44255
Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...
CVE-2021-44255
Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...
Design/Logic Flaw
Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...
CVE-2021-44255
MotionEye (≤ 0.42.1) and MotionEyeOS (≤ 20200606) expose an authenticated RCE via uploading a configuration backup containing a malicious Python pickle. This allows a remote attacker to execute arbitrary code on the server when the installation is reachable over the Internet with weak/absent auth...
CVE-2021-44255
Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...
motionEyeOS和MotionEye-Project MotionEye 访问控制错误漏洞
Both motionEyeOS and MotionEye-Project MotionEye are products of Calin Crisan, an individual developer. motionEyeOS is a video surveillance operating system for single-board computers. motionEye-Project MotionEye is a web-based motion front-end. An access control error vulnerability exists in...