Explore Vulnerabilities

Explore all Exploits:

BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution

The camera suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution.

Nessus 8.2.1 | Stored Cross-Site Scripting

Nessus is a vulnerability assessment solution on the market. A stored XSS vulnerability was discovered in Nessus 8.2.1. The vulnerability can be exploited by sending a malicious payload in the 'value' parameter of a POST request to the '/policies' endpoint. The payload is '"><script>alert(1)</script>'. Upon successful exploitation, an alert box with the value '1' is triggered.

TaskInfo v8.2.0.280 – Denial of Service (PoC)

TaskInfo v8.2.0.280 is vulnerable to a denial of service attack due to a local buffer overflow. An attacker can exploit this vulnerability by running TaskInfo.exe, copying the content of TaskInfo_Crash.txt to the clipboard, and then going to 'Help' - 'Registration' - 'Set or View Registration Information' and pasting the result in the 'New User Name:' and 'New Serial Number:' textboxes. Clicking the OK button will cause a crash.

ResourceSpace <=8.6 'watched_searches.php' SQL Injection

ResourceSpace <=8.6 is vulnerable to SQL injection in the 'watched_searches.php' page. An attacker can exploit this vulnerability by appending a malicious SQL query to the 'ref' parameter in the URL of the vulnerable page. This can allow an attacker to gain access to the database and potentially execute arbitrary code.

Paramiko SSH Insecure Default Configuration Vulnerability

Paramiko is a Python implementation of the SSHv2 protocol, providing both client and server functionality. Paramiko has an insecure default configuration that allows an attacker to connect to the SSH server without authentication. This is due to the Paramiko library not enforcing authentication by default. An attacker can exploit this vulnerability by connecting to the SSH server without authentication and executing arbitrary commands.

SureMDM LFI/RFI (Prior to 2018-11 Patch)

An attacker can force the web server to request remote files and display the output by placing any arbitrary URL in the 'url' parameter of /api/DownloadUrlResponse.ashx. This can also be utilised to request files from the local file system by using the file:// URI syntax, such as file://C:/WINDOWS/System32/drivers/etc/hosts.

Remote Process Explorer v1.0.0.16 – Denial of Service (PoC) and SEH overwritten Crash PoC

Remote Process Explorer v1.0.0.16 is vulnerable to a denial of service (DoS) attack due to a local buffer overflow. The vulnerability can be triggered by copying a specially crafted string to the clipboard and then pasting it into the 'Add computer' textbox. This will cause the application to crash and overwrite the SEH chain of thread 00000144.

Buffer Overflow in netkey code of FreeBSD 11.2-RELEASE-p3

A buffer overflow vulnerability exists in the netkey code of FreeBSD 11.2-RELEASE-p3. The vulnerability is triggered when a valid SA with a known SPI (e.g. 0x41414141) is loaded and a SADB_GETSASTAT message containing multiple requests for that same, valid SPI is sent. This causes the key_getsastatbyspi function to increment the found variable and go past the end of the stat_res buffer, resulting in a buffer overflow.

LanHelper v1.74 – Denial of Service (PoC)

LanHelper v1.74 is vulnerable to a denial of service attack due to a local buffer overflow. An attacker can exploit this vulnerability by running LanHelper.exe, copying the content of LanHelper_Crash.txt or 6000 'A' characters to the clipboard, going to 'NT-Utilities' - 'Form Send Message' - 'Message' - 'Add' - 'Add target' and pasting the result from the Python script there, and then pasting it again in 'Message text:'. Clicking the 'Send' button will cause a crash.

Recent Exploits: