76 matches found
CVE-2020-9039
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints they allow unauthenticated access.The /settings REST endpoint exposed by the projector process is an endpoint that...
Design/Logic Flaw
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints they allow unauthenticated access.The /settings REST endpoint exposed by the projector process is an endpoint that...
Hardcoded credentials
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming.In addition to the password, each projector has a hardcoded...
ASUS B1M projector remote commands execution Vulnerability
We recently obtained a ASUS B1M projector0 and have been exploring its capabilities when we discovered trivial to exploit vulnerabilities. The ASUS B1M features a small Wi-Fi adapter for a direct wireless connection to a notebook PC, or Android and iOS devices. The projector comes with an embedde...
Vyomy 3D Hologram Projector - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Vyomy 3D Hologram Projector published at the 'play' market has multiple vulnerabilities...
InFocus IN3128HD Projector Validates Bypass Vulnerability
The InFocus IN3128HD projector is a projector product used in the education industry. The InFocus IN3128HD firmware version 0.26 fails to properly handle user access, allowing remote attackers to bypass authentication and gain unauthorized access by sending a main.html request...
CVE-2014-8384
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...
Cross site request forgery (csrf)
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...
CVE-2014-8384
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...
CVE-2014-8383
The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html...
CVE-2014-8383
The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html...
CVE-2014-8383
The CVE-2014-8383 entry concerns the InFocus IN3128HD projector with firmware 0.26. Public sources describe an authentication bypass in the web interface (by accessing /main.html after login) and missing authentication for the CGI file /cgi-bin/webctrl.cgi.elf, enabling unauthenticated access to ...
CVE-2014-8384
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...
CVE-2014-8384
The CVE-2014-8384 entry concerns the InFocus IN3128HD projector (firmware 0.26). The issue is missing authentication for the CGI file webctrl.cgi.elf in cgi-bin, allowing an unauthenticated remote attacker to modify DHCP/server IP configurations, reboot the device, and change the device hostname,...
Authentication Vulnerabilities Identified in Projector Firmware
The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks. It’s technically the firmware for the projector, InFocus IN3128HD, version 0.26, that’s vulnerable. The web interface...
InFocus IN3128HD Projector Missing Authentication Vulnerability
The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable. 1. Adviso...