bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

re-add files.csv

Browse source
This commit is contained in:
Offensive Security 2014-01-11 02:01:46 +00:00
parent 6cacab32e4
commit fcd524a868
2 changed files with 27709 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27683
files.csv Executable file
View file

File diff suppressed because it is too large Load diff

26
platforms/webapps/10209.txt Executable file
View file

@ -0,0 +1,26 @@
**************************************************************
Product: Everfocus EDSR series
Version affected: 1.4 and older
Website: http://www.everfocus.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi () gmail com
Web: http://www.andreafabrizi.it
Vuln: remote DVR applet authentication bypass
**************************************************************
The EDSR firmware don't handle correctly users authentication and sessions.
This exploit let you to connect to every remote DVR (without username
and password) and see the live cams :)
Exploit: http://www.andreafabrizi.it/files/EverFocus_Edsr_Exploit.tar.gz
I discovered this vulnerability one year ago and i have informed the
vendor, but apparently
there is no solution at this time.
--
Andrea Fabrizi
http://www.andreafabrizi.it
http://www.exploit-db.com/sploits/2009-11-22-EverFocus_Edsr_Exploit.tar.gz