Amcrest IPM-721S suffers from credential disclosure, privilege escalation, and a long list of other vulnerabilities.
>> CATEGORY: exploit
Dlink DCS-1130 suffers from command injection, cross site request forgery, stack overflow, and various other vulnerabilities.
Securifi Almond 2015 suffers from buffer overflow, command injection, cross site scripting, cross site request forgery, and various other vulnerabilities.
Starry Router Camera suffers from vulnerabilities where the PIN can be brute-forced and the HTML5 CORS ORIGIN is set with a wildcard.
Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities.
Shekar Endoscope has telnet enabled by default, default wifi credentials, a flaw where an attacker can change the wifi password without any additional authentication, and four memory corruption vulnerabilities.
UliCMS version2 019.1 suffers from a persistent cross site scripting vulnerability.
Ubuntu version 18.04 lxd privilege escalation exploit.
Wampserver versions 3.1.4 through 3.1.8 suffer from a cross site request forgery vulnerability.
Microsoft Windows AppX Deployment Service local privilege escalation exploit that bypasses CVE-2019-0841.