Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ip camera firmware vulnerabilities and exploits
(subscribe to this query)
676
VMScore
CVE-2018-9157
An issue exists on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Serve...
Axis M1033-w Firmware 5.40.5.1
445
VMScore
CVE-2015-8287
Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote malicious users to watch live video by visiting an unspecified URL.
Swann Swnvw-470cam Firmware
Swann Srnvw-470lcd Firmware
890
VMScore
CVE-2016-6535
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote malicious users to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session.
Aver Eh6108h\\+ Firmware X9.03.24.00.07l
894
VMScore
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an malicious user to take full control of the camera.
Tp-link Tapo C200 Firmware
15 Github repositories
890
VMScore
CVE-2016-6536
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote malicious users to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.
Aver Eh6108h\\+ Firmware
445
VMScore
CVE-2016-6537
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings.
Aver Eh6108h\\+ Firmware X9.03.24.00.07l
421
VMScore
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
128 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8