Search the Community
Showing results for tags 'nuuo'.
-
NUUO NVRMini 2 version 3.9.1 suffers from an sscanf stack overflow vulnerability. View the full article
-
The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided. View the full article
-
The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the FileName parameter, which accepts directory traversal (..\\..\\) characters. Therefore, this function can be abused to overwrite any files in the installation drive of CMS Server. This vulnerability is exploitable in CMS versions up to and including 2.4. View the full article
-
NUUO NVRMini2 version 3.9.1 suffers from an authenticated command injection vulnerability. View the full article
-
NUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit. View the full article