DRAGOWN

8 exploits Active since Mar 2023
CVE-2025-26264 NOMISEC HIGH WRITEUP
GeoVision GV-ASWeb <= 6.1.2.0 - Authenticated Remote Code Execution via Notification Settings
GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise.
7 stars
CVSS 8.8
CVE-2025-26263 NOMISEC MEDIUM WRITEUP
GeoVision ASManager <6.2.0 - Info Disclosure
GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.
6 stars
CVSS 5.1
CVE-2024-56902 NOMISEC HIGH WRITEUP
Geovision GV-ASManager <6.1.0.0 - Info Disclosure
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password.
3 stars
CVSS 7.5
CVE-2024-56901 GITHUB HIGH WRITEUP
Geovision GV-ASWeb <=6.1.1.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack.
2 stars
CVSS 8.8
CVE-2024-56903 NOMISEC HIGH WRITEUP
Geovision GV-ASWeb <= 6.1.1.0 - Cross-Site Request Forgery via POST to GET Method Conversion
Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack.
2 stars
CVSS 8.1
CVE-2024-56898 NOMISEC HIGH WRITEUP
Geovision GV-ASWeb <6.1.0.0 - Privilege Escalation
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.
2 stars
CVSS 8.8
CVE-2024-56901 NOMISEC HIGH WORKING POC
Geovision GV-ASWeb <=6.1.1.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF attack.
2 stars
CVSS 8.8
CVE-2023-24709 NOMISEC HIGH WORKING POC
Paradox Security Systems IPR512 - DoS
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.
2 stars
CVSS 7.5