Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. Date published :...
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. Date published : 2020-11-17 BASETech IP camera analysis
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. Date published : 2020-11-17 BASETech IP camera analysis
Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. Date published : 2020-11-17 BASETech IP camera...
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the...
Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter. Date published : 2020-11-17 http://packetstormsecurity.com/files/160082/Kaa-IoT-Platform-1.2.0-Cross-Site-Scripting.html
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. Date published : 2020-11-17 https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. Date published : 2020-11-17 https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. Date published : 2020-11-17 https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. Date published : 2020-11-17 https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. Date published : 2020-11-17 https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. Date published : 2020-11-17 https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, =13.4, =13.5,
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays...