This Metasploit modules scans for Dahua-based DVRs and then grabs settings. Optionally resets a users password and clears the device logs.
d683a8a28f0f90df138b2d6d657877bb3a080df3e5aa099aed5198bca4b0c59c
Polycom VVX-Series business media phones suffer from a path traversal vulnerability.
5d741c574dfcb465097d8b4cee29e28680a635cc5f3d80d2fe11cdbaa22c9a7e
Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Included in this archive is the advisory and a metasploit module proof of concept exploit.
96d9b275b8fb781ce81072271e7c916990a3b1533948680e2de9477c048e9956
The web interface used to administer Cisco CallManager software suffers from a lack of input validation and output encoding. As a result, an attacker could craft a request that causes the CallManager web interface to include malicious JavaScript in its response. Versions 3.1 and above were tested and found vulnerable.
a3e2245ce1c606ad2f2b81f2bb5acfe79254b1df8be15ec4f6defeb2a36d98b0