Pelco cameras suffer from multiple dom-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user….
>> CATEGORY: exploit
Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify…
Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter ‘enable_leds’ located in the update() function called via…
Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of…
Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.
Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie ‘auth_token’ in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read…
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods.
Microsoft Office 365 Enterprise E3 suffers from an insufficient session expiration vulnerability.
Firefox version 54.0.1 suffers from a denial of service vulnerability.
Yaws version 1.91 suffers from an unauthenticated remote file disclosure vulnerability.