EUVD-2023-58033

Malicious code in bioql PyPI...

Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump', 'Description' = %q This module uses a blind SQL injection CVE-2020-572...

Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

Hanwha Vision NVR Buffer Overflow (CVE-2019-12223)

The NVR can be rebooted via external attack continuously if it can be access via the public network. During the time, video transmission and recording will not be operated. Also, Exploiting the vulnerability is trivial and requires very low skill level. The listed NVR is vulnerable to allow remot...

CVE-2023-5747

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

CVE-2023-5747

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

Command injection

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

CVE-2023-5747 Command injection via wave install file

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

CVE-2023-5747

CVE-2023-5747 affects Hanwha Vision Wave server application on camera devices. The flaw enables remote code execution via command injection during the installation process of Wave, allowing arbitrary code execution on the device. Public disclosures describe a vulnerability in the Wave server that...

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers By Trellix · August 3, 2022 This story was written by Philippe Laulheret. Summary The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under...

Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service Exploit

Exploit for hardware platform in category dos / poc !/usr/bin/python Exploit Title: CVE-2017-6552 - Local DoS Buffer Overflow Livebox 3 Date: 09/03/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.orange.fr/ Version: SG30sip-fr-5.15.8.1 Tested on: Livebox 3 - Sagemcom CVE :...

NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities

NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities Title: ==== NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-6023, CVE-2015-6024 Date: ====...

Netgear Router Vulnerabilities Public Exploits

A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the companies that privately...

D-Link / TRENDnet ncc2 CSRF / Unauthenticated Access

D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities Discovered by: ---- Peter Adkins Access: ---- Local network; unauthenticated access. Remote network; unauthenticated access. Remote network; 'drive-by' via CSRF. Tracking and identifiers: ---- CVE - Mitre contacted; not yet allocated...

GE Ethernet Switches Have Hard-Coded SSL Key

There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number...

TP-LINK WDR4300 XSS / Denial Of Service

Advisory Information =============== Vendors Contacted: TP-LINK Vendor Patched: Yes, Firmware 140916 System Affected: N750 Wireless Dual Band Gigabit Router TL-WDR4300, might affect others. Versions Affected: 130617 , possibly earlier CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728...

TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com TP-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: TP-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0318 Advisory URL:...

TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...

Hard-coded accounts on multiple network cameras

Hard-coded accounts on multiple network cameras =============================================== ADVISORY INFORMATION Title: Hard-coded accounts on multiple network cameras Discovery date: 05/06/2013 Release date: 11/07/2013 Advisory URL: http://goo.gl/82Rlb Credits: Roberto Paleari...

3S Vision / Asante Voyager / ALinking Hardcoded Accounts

Hard-coded accounts on multiple network cameras =============================================== ADVISORY INFORMATION Title: Hard-coded accounts on multiple network cameras Discovery date: 05/06/2013 Release date: 11/07/2013 Advisory URL: http://goo.gl/82Rlb Credits: Roberto Paleari...