Exploitdb Exploits
50,076 exploits tracked across all sources.
Hikvision DS-2CD7153-E - Privilege Escalation
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
CVSS 8.8
Hikvision DS-2CD7153-E - Auth Bypass
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
CVSS 9.8
CVE-2013-7247
EXPLOITDB
Franklin Fueling Systems TS-550 evo <2.4.0 - Info Disclosure
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
CVE-2014-8868
EXPLOITDB
EntryPass N5200 Active Network Control Panel - Unauthenticated Sensitive Information Exposure via /4 Endpoint
EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4.
CVE-2013-4096
EXPLOITDB
DS3 Authentication Server - Authenticated Remote Code Execution via HOST_NAME Field
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.
CVE-2013-4097
EXPLOITDB
DS3 Authentication Server - Path Traversal via ServerAdmin/TestDRConnection.jsp
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.
CVE-2013-3612
EXPLOITDB
Dahua DVR - Hardcoded Password for Root and Backdoor Accounts
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
CVE-2013-3613
EXPLOITDB
Dahua DVR - Unauthenticated Remote Access via UPnP Replay Attack
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
CVE-2013-3614
EXPLOITDB
Dahua DVR - Weak Password Length Limit
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2013-3615
EXPLOITDB
Dahua DVR - Weak Password Hash Vulnerability
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
D-Link DCS-2102 and DCS-2121 Firmware - Authentication Bypass via UPnP ASF-MP4 Streaming
An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-2102 1.06_FR. 1.06, and 1.05_RU, which could let a malicious user obtain sensitive information.
CVSS 5.3
D-Link DCS and WCS Firmware - Unauthenticated Information Disclosure via lums.cgi
An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK An Information Disclosure vulnerability exists due to a failure to restrict access on the lums.cgi script when processing a live video stream in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03, which could let a malicious user obtain sensitive information. which could let a malicious user obtain sensitive information.
CVSS 5.3
D-Link DCS-3411 and Multiple Camera Firmware - Unauthenticated Information Disclosure via RTSP Session Cookie
An Information Disclosure vulnerability exists due to insufficient validation of authentication cookies for the RTSP session in D-Link DCS-5635 1.01, DCS-1100L 1.04, DCS-1130L 1.04, DCS-1100 1.03/1.04_US, DCS-1130 1.03/1.04_US , DCS-2102 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-2121 1.05_RU/1.06/1.06_FR/1.05_TESCO, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.0, DCS-7410 1.0, DCS-7510 1.0, and WCS-1100 1.02, which could let a malicious user obtain unauthorized access to video streams.
CVSS 7.5
D-Link DIR-100 4.03B07 - Insufficiently Protected Credentials via cliget.cgi Script
D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script
CVSS 9.8
D-Link DIR-100 Firmware 4.03B07 - Cross-Site Request Forgery via cli.cgi
D-Link DIR-100 4.03B07: cli.cgi CSRF
CVSS 8.8
D-Link DIR-100 Firmware 4.03B07 - Cross-Site Scripting via cli.cgi
D-Link DIR-100 4.03B07: cli.cgi XSS
CVSS 6.1
Linksys E4200 Firmware 1.0.05 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
CVSS 6.1
Cisco Linksys E4200 <1.0.05 - Info Disclosure
Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information.
CVSS 7.5
Cisco Linksys E4200 <1.0.05 Build 7 - Auth Bypass
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access.
CVSS 9.8
Cisco Linksys E4200 <1.0.05 Build 7 - Info Disclosure
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
CVSS 4.3
Cisco Linksys E4200 <1.0.05 - Info Disclosure
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
CVSS 5.3
ARRIS VAP2500 Firmware < 08.41 - Remote Command Execution
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.
ARRIS VAP2500 < 08.41 - Authentication Bypass via Improper Password Validation
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
CVE-2013-3540
EXPLOITDB
AirLive OD-2025HD OD-2060HD POE100HD POE200HD POE250HD POE2600HD - Cross-Site Request Forgery in User Group Management
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
CVE-2013-3541
EXPLOITDB
AirLive WL2600CAM - Path Traversal via fileread READ.filePath Parameter
Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePath parameter.
By Source