From f8d109fa3cf1d39ab5eed99d2a3a20f7f70bc73c Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Sat, 16 May 2015 05:03:20 +0000
Subject: [PATCH] DB: 2015-05-16

1 new exploits
---
 platforms/multiple/webapps/10209.txt | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100755 platforms/multiple/webapps/10209.txt

diff --git a/platforms/multiple/webapps/10209.txt b/platforms/multiple/webapps/10209.txt
new file mode 100755
index 000000000..6467cc1dd
--- /dev/null
+++ b/platforms/multiple/webapps/10209.txt
@@ -0,0 +1,26 @@
+**************************************************************
+Product: Everfocus EDSR series
+Version affected: 1.4 and older
+Website: http://www.everfocus.com/
+Discovered By: Andrea Fabrizi
+Email: andrea.fabrizi () gmail com
+Web: http://www.andreafabrizi.it
+Vuln: remote DVR applet authentication bypass
+**************************************************************
+
+The EDSR firmware don't handle correctly users authentication and sessions.
+
+This exploit let you to connect to every remote DVR (without username
+and password) and see the live cams :)
+Exploit: http://www.andreafabrizi.it/files/EverFocus_Edsr_Exploit.tar.gz
+
+I discovered this vulnerability one year ago and i have informed the
+vendor, but apparently
+there is no solution at this time.
+
+-- 
+Andrea Fabrizi
+http://www.andreafabrizi.it
+
+
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10209.tar.gz (2009-11-22-EverFocus_Edsr_Exploit.tar.gz)
\ No newline at end of file