|
287101
|
9.8 |
CRITICAL
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remov…
|
CWE-78
OS Command
|
CVE-2013-2570
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287102
|
7.5 |
HIGH
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access t…
|
CWE-287
Improper Authentication
|
CVE-2013-2569
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287103
|
9.8 |
CRITICAL
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
|
CWE-78
OS Command
|
CVE-2013-2568
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287104
|
7.5 |
HIGH
Network
|
zavio
|
f3105_firmware
f312a_firmware
|
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sen…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2013-2567
|
2024-11-21 10:51 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287105
|
9.8 |
CRITICAL
Network
|
hcomm
|
xpient_iris
|
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the…
|
CWE-20
Improper Input Validation
|
CVE-2013-2571
|
2024-11-21 10:51 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287106
|
7.5 |
HIGH
Network
|
simplehrm
|
simplehrm
|
SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.
|
CWE-200
Information Exposure
|
CVE-2013-2499
|
2024-11-21 10:51 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287107
|
7.5 |
HIGH
Network
|
aws-dms
|
aws_xms
|
Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.
|
CWE-22
Path Traversal
|
CVE-2013-2474
|
2024-11-21 10:51 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287108
|
7.2 |
HIGH
Network
|
fudforum
|
fudforum
|
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
|
CWE-94
Code Injection
|
CVE-2013-2267
|
2024-11-21 10:51 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287109
|
7.1 |
HIGH
Local
|
monkey-project
|
monkey
|
Monkey HTTP Daemon has local security bypass
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2013-2183
|
2024-11-21 10:51 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287110
|
9.8 |
CRITICAL
Network
|
openstack
redhat
debian
|
python-keystoneclient
openstack
debian_linux
|
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2013-2167
|
2024-11-21 10:51 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
