WordPress Selected Text Sharer 1.0 CSRF / XSS
WordPress Selected Text Sharer plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
WordPress Welcome Announcement plugin version 1.0.5 suffers from a cross site scripting vulnerability.
NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an unauthenticated command injection vulnerability. Due to an undocumented and hidden debugging script, an attacker can inject and execute arbitrary code as the root user via the ‘log’ GET parameter in the ‘__debugging_center_utils___.php’ script. Included is a remote root exploit and an nse file. Versions 3.0.8 and […]
Add-administrator cross site request forgery exploit for NUUO versions 3.0.8 and below.
NUUO versions 3.0.8 and below suffer from a file disclosure vulnerability.
NUUO versions 3.0.8 and below suffer from OS command injection vulnerabilities.
NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an authenticated ShellShock vulnerability. This could allow an attacker to gain control over a targeted computer if exploited successfully. The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix.
NUUO versions 3.0.8 and below suffer from an arbitrary file deletion vulnerability.
NUUO NVRmini, NVRmini2, Crystal and NVRSolo devices have a hidden PHP script that, when called, creates a backdoor user with poweruser privileges that is able to read and write files on the affected device. The backdoor user ‘bbb’, created with the password ‘111111’ by visiting the ‘strong_user.php’ script, is able to initiate a secure […]