Lucene search
K

335 matches found

Cvelist
Cvelist
added 2019/07/10 1:25 p.m.22 views

CVE-2018-14496

Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocalbuff4326, and setgetparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or...

10AI score0.04064EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2019/07/10 1:20 p.m.12 views

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

7.6AI score0.04412EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/07/10 1:20 p.m.20 views

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

9.9AI score0.04412EPSS
Exploits1References2
CVE
CVE
added 2019/07/10 1:20 p.m.58 views

CVE-2018-14495

CVE-2018-14495 concerns Vivotek FD8136 devices with a reported Remote Command Injection vulnerability. Connected sources (Red Hat CVEs RH:CVE-2018-14494 and RH:CVE-2018-14495) describe a related issue and indicate vendor disputes, noting that the vulnerability is contested and may not affect curr...

10CVSS9.8AI score0.04412EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/07/10 1:15 p.m.2 views

CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...

9.8CVSS5.8AI score0.03232EPSS
Exploits0References2
NVD
NVD
added 2019/07/10 1:15 p.m.9 views

CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...

10CVSS9.6AI score0.03232EPSS
Exploits0References2
Prion
Prion
added 2019/07/10 1:15 p.m.22 views

Command injection

DISPUTED Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivot...

10CVSS9.6AI score0.03232EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/10 12:56 p.m.51 views

CVE-2018-14494

CVE-2018-14494 concerns Vivotek FD8136 devices and is described as a Remote Command Injection in evidence related to BusyBox and wget. The connected Red Hat and other entries reiterate this as a vulnerability affecting the FD8136, but the Red Hat notes also classify it as historical and not appli...

10CVSS9.5AI score0.03232EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/10 12:56 p.m.17 views

CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...

9.6AI score0.03232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/07/10 12:0 a.m.8 views

PT-2019-9030 · Vivotek +2 · Vivotek Fd8136 +2

Name of the Vulnerable Software and Affected Versions: Vivotek FD8136 affected versions not specified Description: The issue allows for Remote Command Injection, related to BusyBox and wget. It is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware...

10CVSS7.1AI score0.03232EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/07/10 12:0 a.m.8 views

PT-2019-9032 · Vivotek · Vivotek Fd8136

Name of the Vulnerable Software and Affected Versions: Vivotek FD8136 devices affected versions not specified Description: The issue is related to a stack-based buffer overflow, which can lead to remote memory corruption and remote code execution. This is connected to the use of sprintf, vlocal...

9.8CVSS8.2AI score0.04064EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/07/10 12:0 a.m.6 views

PT-2019-9031 · Vivotek · Vivotek Fd8136

Name of the Vulnerable Software and Affected Versions: Vivotek FD8136 devices affected versions not specified Description: The issue allows for Remote Command Injection. It is noted that this is a different issue from other known vulnerabilities. The vendor has disputed this as a vulnerability,...

10CVSS7.3AI score0.04412EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2019/05/03 12:0 a.m.54 views

Vivotek NVR Default Credentials (HTTP)

The remote installation of Vivotek NVR is using known default credentials for its web interface. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public...

7.5AI score
Exploits0References2
CNVD
CNVD
added 2019/01/07 12:0 a.m.4 views

Cross-site scripting vulnerability in VIVOTEK Network Camera series products (CNVD-2019-00683)

VIVOTEK Network Camera Series is a series of network camera products from China VIVOTEK. A cross-site scripting vulnerability exists in the eventscript.js file in the VIVOTEK Network Camera Series using firmware versions 0x06x to 0x08x. The vulnerability can be exploited by a remote attacker to...

6.1CVSS6.6AI score0.00803EPSS
Exploits1References1
CNVD
CNVD
added 2019/01/04 12:0 a.m.5 views

VIVOTEK Network Camera Series Product Cross-Site Scripting Vulnerability

VIVOTEK Network Camera Series is a series of network camera products from China VIVOTEK. A cross-site scripting vulnerability exists in the syslog.html file of VIVOTEK Network Camera Series products using firmware versions 0x06x to 0x08x, which can be exploited by remote attackers to execute...

6.1CVSS6.8AI score0.00803EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2019/01/04 12:0 a.m.26 views

Vivotek NVR Detection

Detection of Vivotek SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.114060";...

7.1AI score
Exploits0References1
NVD
NVD
added 2019/01/03 8:29 p.m.16 views

CVE-2018-18004

Incorrect Access Control in modinetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter...

5.3CVSS5.4AI score0.0093EPSS
Exploits1References2
NVD
NVD
added 2019/01/03 8:29 p.m.24 views

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...

6.1CVSS6.5AI score0.00803EPSS
Exploits1References2
NVD
NVD
added 2019/01/03 8:29 p.m.13 views

CVE-2018-18005

Cross-site scripting in eventscript.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter...

6.1CVSS6.4AI score0.00803EPSS
Exploits1References2
Prion
Prion
added 2019/01/03 8:29 p.m.16 views

Improper access control

Incorrect Access Control in modinetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter...

5CVSS5.4AI score0.0093EPSS
Exploits1References2
Rows per page
Query Builder