C2S DVR allows an unauthenticated user to disclose the username and password by requesting the javascript page read.cgi?page=2. This may also work on some cameras including IRDOME-II-C2S, IRBOX-II-C2S.
f14eb376c1dcefd1b99e4b5370da22899ba91385ab2b1509b470c463d912db0fSIEMENS IP-Camera (CVMS2025-IR + CCMS2025), JVC IP-Camera (VN-T216VPRU), and Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) allow an unauthenticated user to disclose the username and password by requesting the javascript page readfile.cgi?query=ADMINID. Siemens firmwares affected: x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, x.2.2.1235.
75f290c73dd9cc43a56aaf952cb417b04741e27f28826be5a9ebfc52ebd9c6c9PrivateTunnel client version 2.7.0 on x64 local credential disclosure after sign out exploit.
833c62176b378d25b4bb3217d9ac7e9b9d1544e1f72f511ed6bc0bf04f288d96LogMeIn client version 1.3.2462 (64bit) suffers from a local credential memory disclosure vulnerability.
3e21881c146874807c984cebd32e544f21626d0eac6b98d3aac36bc0dc6ee9acApple iCloud Desktop Client version 5.2.1.0 local credential memory disclosure exploit.
0c44cf0b66aabb0dbb6c52a53759c70e0b89c7ed4ee221f04d81ac76a5721350Dropbox Desktop Client version 9.4.49 (64bit) suffers from a local credential disclosure vulnerability.
0bd3a8c8f0e7d623ca6c0a93b89eafc1a6b96bf0bf1d166ca1011aeb8a251df2MySQL version 5.5.45 64-bit suffers from a local credential disclosure vulnerability.
d5d580430a80f0c080da71316f664382b08040892691409270d49161773fb974Navicat Premium version 11.2.11 suffers from a local password disclosure vulnerability.
b879ec40891b563a273a3f910a10a46e8fce278ea2f895630a02d4fe93e24cc7PHP version 7.0 suffers from AppendIterator::append and JsonSerializable::jsonSerialize denial of service vulnerabilities.
fc161372c3c191704b2a624fefba8728c1db97fbb922c3c780ca1bdb5c72edb9PHP version 5.0.0 suffers from imap_mail(), hw_docbyanchor(), html_doc_file(), snmpset(), snmprealwalk(), snmpwalk(), fbird_[p]connect(), and snmpwalkoid() denial of service vulnerabilities.
6a99d600f79dee9f08af03039c948f138bbd7b55e5cc6eb1d2a49d471296c337PHP version 5.0.0 suffers from a xmldocfile() denial of service vulnerability.
0bcc951809d8bbc757db05b3c9e9177ebc25335a43389a3460b6a44b33ff7d20PHP version 7.0 suffers from an object cloning denial of service vulnerability.
99d5e9b3760594f8032d17ff774e17acee8cbab6077fc8d293c6f62d5d29a542PHP version 5.0.0 suffers from a simplexml_load_file() local denial of service vulnerability.
f7f56c7d578c979550e3037440da381a9ed6e1368c053130143eebab2f0c8dfaPHP version 5.0.0 suffers from a denial of service vulnerability in domxml_open_file().
1600c83298c5e9014bb21a20b3074ea6e67bb77c93ad413d58e7a39497143b1eVideoIQ Camera suffers from a file disclosure vulnerability.
8e79e33a110bf5cbe4ed378d41e766eceeb6fad1f062efe99f993f25713829a2Vanderbilt IP-Camera versions CCPW3025-IR and CVMW3025-IR suffer from a remote credential disclosure vulnerability.
8768c389705867bfdae855f0a77fb9311338ceaed42f658f408ad91c5f29ad63JVC IP-Camera version VN-T216VPRU suffers from a remote credential disclosure vulnerability.
c0d860339fe71a02d203cce656f6cc5c8f1279fdea6c4f598f0d62e666604633C2S types IRDOME-II-C2S, IRBOX-II-C2S, and DVR suffer from remote credential disclosure and authentication bypass vulnerabilities.
e73e89f000fcdea1c330da9b5c60fde2f83706e600950d25d0e7c67d5a83009dHoneywell IP-Camera HICC-1100PT suffers from an unauthenticated remote credential disclosure vulnerability.
c7e6e374ae953f8fbd0f9c1b224048c318f5e2d2a813014e246f1c1b1a4bc230Siemens IP-Camera versions x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, and x.2.2.1235 suffer from an unauthenticated credential disclosure vulnerability.
6f66438ce50ec2d5fc732fa79d30cf3d29dcbb1b1a9b5a54690478fb7fa6a831CodoForum version 3.2.1 suffers from a remote SQL injection vulnerability.
29e42205f5a7006437937ea15d9724892274bd3b43b9219c9606bcd2841fbcc1Clinic Management System suffers from an unauthenticated remote blind SQL injection vulnerability.
1e4b0186dbbd5704b1e2383d8bec4c278a1589f74c1b28104d18108765b3abc1Beauty Parlour and SPA Saloon Management System suffers from an unauthenticated blind remote SQL injection vulnerability.
1f54efc3b4e06d3e6f7a22b771694ea380c1ad8ae2d4002a8a59644e205f9ff6OPAC KpwinSQL suffers from cross site scripting and local file inclusion vulnerabilities.
c1e5ca509e49b1552840b0954e0b1ec247563e3a8adb48e5c0816ca0a1593df4LG DVR LE6016D suffers from a remote file disclosure vulnerability.
b3e54b341df79645e309216eeea82084a5c8e5bc3b2d102a79cdaefe490fc345
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed