Jake Reynolds

9 exploits Active since Jun 2006
CVE-2013-3612 EXPLOITDB WORKING POC
Dahua DVR - Hardcoded Password for Root and Backdoor Accounts
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
CVE-2013-3613 EXPLOITDB WORKING POC
Dahua DVR - Unauthenticated Remote Access via UPnP Replay Attack
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
CVE-2013-3614 EXPLOITDB WORKING POC
Dahua DVR - Weak Password Length Limit
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-3615 EXPLOITDB WORKING POC
Dahua DVR - Weak Password Hash Vulnerability
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
CVE-2013-6117 METASPLOIT ruby WORKING POC
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Unauthenticated Authentication Bypass via TCP Port 37777
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
EIP-2026-101927 EXPLOITDB text WRITEUP
Polycom VVX-Series Business Media Phones - Directory Traversal
CVE-2013-6117 EXPLOITDB text WORKING POC
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Unauthenticated Authentication Bypass via TCP Port 37777
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
CVE-2006-3109 EXPLOITDB text WORKING POC
Cisco CallManager 3.3-4.3 - Cross-Site Scripting via ccmadmin/phonelist.asp and ccmuser/logon.asp
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
CVE-2006-3109 EXPLOITDB text WORKING POC
Cisco CallManager 3.3-4.3 - Cross-Site Scripting via ccmadmin/phonelist.asp and ccmuser/logon.asp
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.