| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2017-07-14 |
Dasan Networks GPON ONT WiFi Router H64X Series suffers from a system configuration download vulnerability.
32c6926d4b55f78a96e9330f3313ccb5Dasan Networks GPON ONT WiFi Router H64X Series suffers from a privilege escalation vulnerability.
870b4516ab12344f5a3e0b816499e21aDasan Networks GPON ONT WiFi Router H64X Series suffers from a cross site request forgery vulnerability.
f8789c203d45686a1478547c8f7ef85bDasan Networks GPON ONT WiFi Router H64X Series does not properly perform authentication and authorization, allowing it to be bypassed through cookie manipulation. Setting the Cookie 'Grant' with value 1 (user) or 2 (admin) will bypass security controls in place enabling the attacker to take full control of the device management interface.
2ac46a8fae0efacc57a1d3723fb041ccSchneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'auth_token' in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in authentication bypass / session hijacking.
29d6a13171a92249a789a85e02531e9ePelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
dfa0df3c855819b71c9869725eccb056Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Users' group, for several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.
2fe804940583feed8e2672643c87628dPelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.
f60def224c0da5db858f33bf6eef0e47Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
7cab066459f46bedf6175289966aec2ePelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
7f8219b6e322e2f71ec72c2c608d1040SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.
cc6ee041f9ef0acdd8e3fb8dbdcb6dfbEnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by 'usbinteract.cgi' script.
6051f5e6ab0341318d0a8979089a82beOV3 Online Administration version 3.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
b45182a216390d5400da665f979cc9adOV3 Online Administration version 3.0 suffers from an authenticated remote code execution vulnerability.
4836439cfaece2fea647cf5c5b5bc314OV3 Online Administration version 3.0 suffers from a traversal vulnerability that allows for arbitrary file access.
d59ba0c9c85323843417e3b44d2fa62bCERIO 11nbg 2.4Ghz high power wireless router (pekcmd) has multiple backdoor accounts that yield rootshells.
624f0bc5afb62a9c9c86abe9e5434ea1This Metasploit module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service (on port 23423 by default) exposes a REST API which which does not require authentication. The 'action' API endpoint does not sufficiently sanitize user-supplied data in the 'VIDEO' parameter of the 'checkStreamUrl' method. This parameter is used in a call to cmd.exe resulting in execution of arbitrary commands. This Metasploit module has been tested successfully on Serviio Media Server versions 1.4.0, 1.5.0, 1.6.0 and 1.8.0 on Windows 7.
ab1da9f50ece75772d5c07e501778759Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffers from a REST API arbitrary code execution vulnerability.
dbad305e3ceb6461169d99bb0474ce62Serviio PRO DLNA Media Streaming Server versions 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a REST API arbitrary password change vulnerability.
8a0c31328a98d804ec31c0e9735904eeServiio PRO DLNA Media Streaming Server version 1.8.0.0 PRO suffers from a local privilege escalation vulnerability.
3c3bc91b4d62206bd85ee70253cc3f43Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a mediabrowser cross site scripting vulnerability.
9134e53bdc429fd3b0afdb257596d9f7Serviio PRO 1.8 DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a REST API information disclosure vulnerability.
65614cca99e652ccba1c1aff4bc441e4Emby MediaServer version 3.2.5 suffers from a directory traversal vulnerability that allows for arbitrary file disclosure.
d0e77200f0f0e8207eb440954f30658fEmby MediaServer version 3.2.5 suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the URL path filename when handling 'not found' errors. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
de3ade950678067a800aa9e801f9765dEmby MediaServer version 3.2.5 suffers from a password reset vulnerability.
6893ef995ae09d29119938b846edec45
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed