Javier Repiso Sánchez

6 exploits, active since Oct 2013
CVE-2013-3540 EXPLOITDB WORKING POC
AirLive OD-2025HD, OD-2060HD, POE100HD, POE200HD, POE250HD, POE2600HD - Cross-Site Request Forgery in User Group Management
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
CVE-2013-3541 EXPLOITDB WORKING POC
AirLive WL2600CAM - Path Traversal via fileread READ.filePath Parameter
Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter.
CVE-2013-3686 EXPLOITDB WRITEUP
AirLive WL2600CAM - Information Disclosure via CGI Operator Param
cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action.
CVE-2013-3687 EXPLOITDB WRITEUP
OvisLink AirLive OD-2025HD - Cryptographic Issue
AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file.
CVE-2013-3543 EXPLOITDB text WORKING POC
AXIS Media Control ActiveX Control - Arbitrary File Write via StartRecord, SaveCurrentImage, or StartRecordMedia Methods
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
CVE-2013-3691 EXPLOITDB HIGH text WORKING POC
AirLive POE-2600HD Firmware - Denial of Service via Long URL
AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.
CVSS 7.5