Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com !/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page:...

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214 BLD20110616374...

Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery

Selea Targa IP OCR-ANPR Camera Unauthenticated SSRF Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214 BLD201106163745 BLD2003041709...

Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure Vendor: Selea s.r.l. Product we...

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

CVE-2016-5094

Integer overflow in the phphtmlentities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...

Fedora 22 : php (2016-65f1ffdc0c)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

Fedora 23 : php (2016-6b1938566f)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

Fedora 24 : php (2016-b967ac1a74)

26 May 2016, PHP 5.6.22 Core: - Fixed bug 72172 zendhexstrtod should not use strlen. bwitz at hotmail dot com - Fixed bug 72114 Integer underflow / arbitrary null write in fread/gzread. Stas - Fixed bug 72135 Integer Overflow in phphtmlentities. Stas GD: - Fixed bug 72227 imagescale out-of-bounds...

Internet Bug Bounty: Integer Overflow in _gd2GetHeader() resulting in heap overflow

The gd2GetHeader is prone to an integer overflow, which result in heap based overflow. Tested on PHP 5.6.22 --------------- PoC --------------- $ ls poc.gd poc.php $ cat poc.php --------------- Result --------------- /php$ gdb -q --args ./php-5.6.22/sapi/cli/php poc.php Reading symbols from...