Synology DSM versions 4.3-3810 and below suffer from multiple directory traversal vulnerabilities.
baddc783cba3ba3012c1d9f37e58531b749662074b81d95266d64e6544b90e21
Synology DSM versions 4.3-3776 and below suffer from remote file download, content disclosure, cross site scripting, and command injection vulnerabilities.
a560d69710d4ba76ec357f35a153ec6e0a5247b97ea46b2af3a6d6381872a32a
Samsung DVRs put usernames and passwords base64 encoded into cookies. They also fail to validate the cookies in many places, so any values work, allowing for authentication bypass. A proof of concept exploit that lists all users and passwords is included.
6219a380366e2aecc4495c804c39b2f23b5f3ae1609e4c340f64ce8cc584d483
Buffalo TeraStation TS-Series with firmware versions 1.5.7 and below suffer from file disclosure and command injection vulnerabilities.
a1a174bf53968f44a8d76eb7f7bf2481d5306ead2f09c68a726696b25e20edf1
Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
57aec9566565a83d94933270426cb1b822eb107ada1e1ad8c594b19a032e394f
QNAP Turbo NAS versions 3.7.3 build 20120801 and below suffer from arbitrary file read and modify vulnerabilities.
74f49abffb918e2e6876084b17da1377c2d36d966fe6827b0a6bd22b0ada8146
Novell Sentinel Log Manager versions 1.2.0.1 and below suffer from a directory traversal vulnerability.
1344d9e53b9e1f29ca58152d68c7e31e2e1f7554e18481c4fbb9c5c8437f755c
Joomla VirtueMart component versions 1.1.6 and below suffer from a remote blind SQL injection vulnerability.
11f7df2b0e1f362c8f25d13f54b57db8932ce64594cf7a77783f30ec49d40ac0
PRISM is a user space reverse shell backdoor. It offers an ICMP mode, in which it awaits a packet containing a security key and host IP / port destination information. It also offers a static mode, in which it can connect to a hardcoded IP / port.
a134a9b3c0e23836566ba54259b1ebb7ac86b493d52c8e0efac73c5043fef900
PhpShop version 0.8.1 suffers from remote SQL injection, blind SQL injection, cross site scripting, and cross site request forgery vulnerabilities.
8cdd6603293330907026a6bd3ba7622022c146928d030a8f850ddcc4a99e4fcd
3Com OfficeConnect routers appear to suffer from password disclosure and remote command execution vulnerabilities.
f4915ebc296bd3603c9e336e18437ac196860ed9675bddab482982e82f9ed5a8
Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.
fbe830d076100f57e540a54da49f464fced24007b9a5d42ebb17e035b7cbfe6b
The Everfocus EDSR firmware fails to correctly handle authentication and sessions. This remote exploit takes advantage of versions 1.4 and below and lets you view the live cameras of remote DVRs.
10026da1a7949dc0eaf28f986ef241f8679e65ad5c74df580ec8f86a61a39823
Docebo version 3.6.0.3 suffers from multiple remote SQL injection vulnerabilities.
b44d0cf0d50db065e5a6ae908acb04cc296bb04b0e19cbdf643b9fc48097f468