Master IP CAM version 01 has a hardcoded root password and suffers from multiple unauthenticated access vulnerabilities.
1b7b16dc033365ff3162c79dfd711a78130a165f689c53737f95802789f1b521This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sURL argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
5a88ff9a13dc712f648150200591ec804a09cb0631600c4db7449f3c17604a4bThis Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
2dfadd85c9c6ae2a3b6dbc4fd0a0377aac24947c5d90300dbf9bd50e9aa7ebe9InCoP (Invisible CamOuflage Protocol) enables the communication between secure systems such as NIDS, ideally located in isolated networks. This hybrid daemon is capable of hiding information by learning from the network and, in a second stage, of sending similar traffic in order to hide the messages as a cover channel does.
c768e433735d4d709fc03347480e852525e812532fc5d8ba45ee91d978044d24Secunia Security Advisory - A vulnerability has been reported in the Campaign Monitor module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
4cc6d2225fa3b10d157826f31126c15c92831ba5c55771ed210fbcebd5efd142Drupal third party module Campaign Monitor versions 6.x-2.x prior to 6.x-2.5 suffer from a cross site scripting vulnerability.
fcf698f74e9bd805c5289afb6e0ad89ddcb88901f7884f93b45a0a3a837ab1ebVivotek Cameras suffer from a configuration disclosure vulnerability that leaks password information.
d058e2a1787927c136f919f18b911e8101c71269a4d32b051967630ea19ce337Secunia Security Advisory - A vulnerability has been reported in Edimax IC-3030iWn Network Camera, which can be exploited by malicious people to disclose sensitive information.
f4cd0de086ff9f40c210133d0848e3f36873522b32307d11c836b710be647608The ACTi Web Configurator 3.0 for ACTi IP Surveillance Cameras contains a directory traversal vulnerability within the cgi-bin directory. An unauthenticated remote attacker can use this vulnerability to retrieve arbitrary files that are located outside the root of the web server.
cd526d96e19262e3b3c0e25617019f84a594ac02d555f92b3a0491802618f9b0ToorCamp is a five-day open-air event for hackers, makers, breakers, and shakers. ToorCamp is where you get together with the rest of the best in a relaxing, beautiful atmosphere, and exchange ideas with the brightest technology experts from around the world. The camp has everything you need: power, internet, food and fun. Bring your tent, bring a friend ? and get ready to reunite and reignite with really smart people, just like you. It will take place at the Hobuck Beach Resort in Neah Bay, Washington August 8th through the 12th, 2012.
3ab8ae04cdb392e8cde6a855fe0321cfdb2744923dd3c58966ac7e044efc4d60This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results arbitrary code execution under the context of the user.
dbd0c9ab83279260de0fbf18041f491375843cf365e6a1c3874208c117b871efJogjacamp suffers from a cross site scripting vulnerability.
3147ee47d9ced5d677c07167d08d56a086eb813bcbb26c507ecba32c48c3c6e5Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in TRENDnet UltraMJCam ActiveX Control, which can be exploited by malicious people to compromise a user's system.
d232e8935e3373309b56ab8fbad2bb22548f62f8d9e9ac48fea9f8f5defc153aSecunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.
0f4504cc49e35bf338bc479bad45e5714cbb5312754432f200fd859dc09d41e8The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.
1edd0a6afe6d31147b097c2127b64cc9e88a0013161e4c6fafa7d291d19e8ba8The TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.
a1448bcd0d8740d3db37283f486bc15f2158a7b7818ccafbfc0569b5d3cb8984Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT active-x control (PlayerPT.ocx) suffers from a sprintf buffer overflow vulnerability. Version 1.0.0.15 is affected.
3933dd1431da4c063e62908b6d60cf61accefadfda1561e952bfa4c9d5163a86This Metasploit module exploits a vulnerability in Dell Webcam's CrazyTalk component. Specifically, when supplying a long string for a file path to the BackImage property, an overflow may occur after checking certain file extension names, resulting in remote code execution under the context of the user.
c9f9dfe042de7f5d659677f6a10aa38d77f8bd3e8e047325d2dceb11e6f8874cSecunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Dell Webcam Central, which can be exploited by malicious people to compromise a user's system.
66db5b09e29e9cef90b64187179f01dcb147da69964aa4b9278638837a67ea71The Dell Webcam software bundled active-x control CrazyTalk4Native.dll suffers from a remote buffer overflow vulnerability.
4602832995fbcf6a2ccdc7e3b461f2c912eb866acd281ca2f1041eff63882cc0Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent log in attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.
145fc959fbc7cc8bfb9b7e7eccef6c448ffafe94e95ffa18be3f080b0c3cbf48This Metasploit module exploits a vulnerability found in Adobe Flash Player. By supplying a corrupt .mp4 file loaded by Flash, it is possible to gain arbitrary remote code execution under the context of the user. This vulnerability has been exploited in the wild as part of the "Iran's Oil and Nuclear Situation.doc" phishing campaign.
bc712e2a0634304709e04fab0e0b399f87ad8994ef78b54e906ba338a89de632WebcamXP and Webcam7 suffer from a directory traversal vulnerability.
d8deb6afe4f219e4e760d3a7e556e9078532191fa12d6a586fda9d318e44c4faSecunia Security Advisory - A vulnerability has been reported in OCaml, which can be exploited by malicious people to cause a DoS (Denial of Service).
e72fa6518578bdc435ab20d1c4fd5806e8bc2a704b1ec39f6375f5998435c4f9Secunia Security Advisory - A vulnerability has been reported in Campaign Enterprise, which can be exploited by malicious users to conduct SQL injection attacks.
3ce42bdb5f60e8ad47a6fed415c8988e58fa4af143f71d54c28015e96c991decCampaign Enterprise version 11.0.421 suffers from a remote SQL injection vulnerability.
a6e7c8d4760e5b9abb987effc8b747e80986605d0bf70dbc3709453031e5931f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed