Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted. The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending. In this way an attacker can download the entire key via the /self.key URI. The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire NGINX/FastCGI. The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. QVIS NVR DVR before is vulnerable to Remote Code Execution via Java deserialization. In QVIS NVR DVR before, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin". detail »ĭigital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view internal paths and scripts via web files. detail »ĭigital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attackers to access the core log file and perform session hijacking via a crafted session token. detail »ĭigital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a cross-site scripting (XSS) vulnerability via the component bia_oneshot.cgi. This vulnerability is exploitable via a crafted POST. detail »ĭigital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. This vulnerability is exploitable via a crafted POST request. detail »ĭigital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. detail »ĭigital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. detail »Īn authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in a cleartext HTTP traffic. This can be exploited to inject and execute arbitrary shell commands as the root user through the id. detail »Īll FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. An unauthenticated, remote attacker can exploit. detail »Īll FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An authenticated remote attacker can execute arbitrary JavaScript. All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |