|
297301
|
7.5 |
HIGH
Network
|
tp-link
|
tl-sc_3130_firmware
tl-sc_3130g_firmware
tl-sc_3171g_firmware
tl-sc_4171g_firmware
|
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, whic…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2013-2572
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297302
|
9.8 |
CRITICAL
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remov…
|
CWE-78
OS Command
|
CVE-2013-2570
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297303
|
7.5 |
HIGH
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access t…
|
CWE-287
Improper Authentication
|
CVE-2013-2569
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297304
|
9.8 |
CRITICAL
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
|
CWE-78
OS Command
|
CVE-2013-2568
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297305
|
7.5 |
HIGH
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sen…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2013-2567
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297306
|
9.8 |
CRITICAL
Network
|
hcomm
|
xpient_iris
|
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the…
|
CWE-20
Improper Input Validation
|
CVE-2013-2571
|
2024-11-21 10:51 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297307
|
7.5 |
HIGH
Network
|
simplehrm
|
simplehrm
|
SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.
|
CWE-200
Information Exposure
|
CVE-2013-2499
|
2024-11-21 10:51 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297308
|
7.5 |
HIGH
Network
|
aws-dms
|
aws_xms
|
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
|
CWE-22
Path Traversal
|
CVE-2013-2474
|
2024-11-21 10:51 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297309
|
7.2 |
HIGH
Network
|
fudforum
|
fudforum
|
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
|
CWE-94
Code Injection
|
CVE-2013-2267
|
2024-11-21 10:51 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297310
|
7.1 |
HIGH
Local
|
monkey-project
|
monkey
|
Monkey HTTP Daemon has local security bypass
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2013-2183
|
2024-11-21 10:51 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
