Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used
A remote code execution vulnerability
exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated
user with System Setting permissions can execute arbitrary commands on the
server by
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploi
GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "Sys
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password.
Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.
Some endpoints in vulnerability-lookup that modified
application state (e.g. changing database entries, user data,
configurations, or other privileged actions) may have been accessible
via HTTP GET
A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipu
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An atta
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arb
Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF)
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of
Cross-Site Request Forgery (CSRF) vulnerability in uamv Glance That allows Cross Site Request Forgery.
This issue affects Glance That: from n/a through 4.9.
Cross-Site Request Forgery (CSRF) vulnerability in straightvisions GmbH SV Proven Expert sv-provenexpert allows Cross Site Request Forgery.This issue affects SV Proven Expert: from n/a through <= 2.0.
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can
GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe p
A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a
Page 1+ Next →