Skip to main content
CVE-2013-3612 CRITICAL POC THREAT Emergency

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

Dahua Authentication Bypass Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
12.1%
CVE-2013-3614 CRITICAL POC THREAT Emergency

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.8%.

Privilege Escalation Dahua Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
10.8%
CVE-2013-3613 HIGH POC THREAT Act Now

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

Dahua Authentication Bypass Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
12.0%
CVE-2013-3615 HIGH POC This Week

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dahua Authentication Bypass Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
8.6%
CVE-2013-5754 CRITICAL Act Now

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dahua Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2013-5709 HIGH This Week

The authentication implementation in the web server on Siemens SCALANCE X-200 switches with firmware before 5.0.0 does not use a sufficient source of entropy for generating values of random numbers,. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens Information Disclosure Scalance X 200 Series Firmware Scalance X 200 Scalance X 200Rna +6
NVD
CVSS 2.0
8.3
EPSS
0.5%
CVE-2013-5711 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

WordPress PHP XSS Design Approval System Plugin
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-2297 MEDIUM This Month

Eucalyptus EuStore sets a blank root password in the default configuration of EMI 3868652036, EMI 0400376721, EMI 2425352071, and EMI 1347115203, which allows local users to gain privileges via. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Eustore
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2296 MEDIUM This Month

Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Eucalyptus
NVD
CVSS 2.0
5.5
EPSS
0.1%
CVE-2013-2788 MEDIUM This Month

The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Substation Server
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-4067 MEDIUM This Month

Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Eucalyptus
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4766 MEDIUM PATCH This Month

The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Eucalyptus
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy