Lucene search
K

94 matches found

OSV
OSV
added 2022/03/24 5:15 p.m.7 views

PYSEC-2022-43141

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS7.4AI score0.06829EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/03/24 4:40 p.m.22 views

CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.6AI score0.06829EPSS
Exploits1References2
CVE
CVE
added 2022/03/24 4:40 p.m.104 views

CVE-2022-25568

Summary of CVE-2022-25568 (MotionEye) : MotionEye versions 0.42.1 and earlier allow unauthenticated attackers to retrieve sensitive configuration data via a GET to /config/list when a regular user password is not configured. The risk arises from insufficient access controls on the /config/list en...

7.5CVSS7.3AI score0.06829EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/03/24 4:40 p.m.19 views

CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS6.5AI score0.06829EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/03/24 12:0 a.m.2 views

PT-2022-17371 · Motioneye · Motioneye

Name of the Vulnerable Software and Affected Versions: MotionEye versions 0.42.1 and below Description: The issue allows attackers to access sensitive information via a GET request to "/config/list". To exploit this, a regular user password must be unconfigured. Recommendations: For MotionEye...

7.5CVSS7.3AI score0.06829EPSS
Exploits1References10
CNNVD
CNNVD
added 2022/03/24 12:0 a.m.4 views

MotionEye-Project MotionEye 信息泄露漏洞

MotionEye-Project MotionEye is a web-based motion front-end from the individual developer Calin Crisan. A security vulnerability exists in MotionEye-Project MotionEye v0.42.1 and prior versions, which stems from the application's lack of permissions restriction and filtering for GET requests to...

7.5CVSS7.2AI score0.06829EPSS
Exploits1References3
OSV
OSV
added 2022/02/01 12:0 a.m.104 views

GHSA-M2C7-42RF-C62F Unrestricted Upload of File with Dangerous Type in motionEye

motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...

7.2CVSS7.1AI score0.02951EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/02/01 12:0 a.m.26 views

Unrestricted Upload of File with Dangerous Type in motionEye

motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...

7.2CVSS2.6AI score0.02951EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/01/31 12:15 p.m.11 views

CVE-2021-44255

Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...

7.2CVSS8.6AI score
Exploits0References2
NVD
NVD
added 2022/01/31 12:15 p.m.15 views

CVE-2021-44255

Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...

7.2CVSS0.02951EPSS
Exploits0References2
Prion
Prion
added 2022/01/31 12:15 p.m.13 views

Design/Logic Flaw

Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...

6.5CVSS7.4AI score0.02951EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2022/01/31 11:18 a.m.85 views

CVE-2021-44255

MotionEye (≤ 0.42.1) and MotionEyeOS (≤ 20200606) expose an authenticated RCE via uploading a configuration backup containing a malicious Python pickle. This allows a remote attacker to execute arbitrary code on the server when the installation is reachable over the Internet with weak/absent auth...

7.2CVSS7.5AI score0.02951EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2022/01/31 11:18 a.m.14 views

CVE-2021-44255

Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...

7.7AI score0.02951EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/31 12:0 a.m.4 views

motionEyeOS和MotionEye-Project MotionEye 访问控制错误漏洞

Both motionEyeOS and MotionEye-Project MotionEye are products of Calin Crisan, an individual developer. motionEyeOS is a video surveillance operating system for single-board computers. motionEye-Project MotionEye is a web-based motion front-end. An access control error vulnerability exists in...

7.2CVSS8.2AI score0.02951EPSS
Exploits0References3
Rows per page
Query Builder