CVE-2012-10047 Cyclope Employee Surveillance Solution v6.x SQL Injection

Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...

Cyclope Employee Surveillance Solution 安全漏洞

Cyclope Employee Surveillance Solution is an employee monitoring software from Cyclope, Inc. A security vulnerability exists in Cyclope Employee Surveillance Solution version 6.x, which stems from the username parameter not being cleaned up in the auth-login request, and could lead to SQL injecti...

USN-5889-1: ZoneMinder vulnerabilities

It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting XSS attack. This issue was only fixed in Ubuntu 16.04 ESM. CVE-2019-6777 It was discovered that ZoneMinder was not properly...

Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability

News of a zero-click zero-day in Apple’s iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple’s closed ecosystem, and varying views on NSO Group’s...

NUUO NVR Unauthenticated Remote Code Execution

Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...

Cyclope Employee Surveillance Solution 6.0/6.1.0/6.2.0/6.2.1/6.3.0 - SQL Injection

No description provided by source. Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution v6.0 Version: 6.0 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Software description: The employee...

Cyclope Employee Surveillance Solution Local File Inclusion Vulnerability

This host is running Cyclope Employee Surveillance Solution and is prone to local file inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbcyclopeemployeesurveillancelfivuln.nasl 7577 2017-10-26 10:41:56Z cfischer $ Cyclope Employee Surveillance Solution Local File Inclusion Vulnerability...

Cyclope Employee Surveillance Solution 6.0 - SQL Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Cyclope Employee...

Cyclope Employee Surveillance Solution < 6.2.1 SQLi Vulnerability - Active Check

Cyclope Employee Surveillance Solution is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Cyclope Employee Surveillance Solution v6 SQL Injection

This module exploits a SQL injection found in Cyclope Employee Surveillance Solution. Because the login script does not properly handle the user-supplied username parameter, a malicious user can manipulate the SQL query, and allows arbitrary code execution under the context of 'SYSTEM'. This modu...

Cyclope Employee Surveillance Solution 6.0/6.1.0/6.2.0/6.2.1/6.3.0 - SQL Injection

Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution v6.0 Version: 6.0 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Software description: The employee monitoring software developed by...

ZoneMinder Multiple Vulnerabilities

ZoneMinder Multiple Vulnerabilities by Filip Palian filip dot palian at pjwstk dot edu dot pl Software affected: ZoneMinder = 1.23.3 Severity: Critical Description from the vendor site: ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture...