漏洞描述
【漏洞对象】Surveillance DVR 【涉及版本】 4.0.0.0版本 【漏洞描述】 摄像头录像大师Argus SurveillanceDVR的WEBACCOUNT.CGI文件RESULTPAGE参数路径遍历导致可读取系统配置文件,导致网站处于极度不安全状态。
Argus Surveillance DVR WEBACCOUNT.CGI文件RESULTPAGE参数-目录遍历(CVE-2018-15745)
PoC代码
暂无相关漏洞推荐
-
CVE-2018-9995: DVR Authentication Bypass POC
2025-09-01 | DVRDVR,全称为Digital Video Recorder(硬盘录像机),即数字视频录像机。最初由阿根廷研究员发现,通过使用“Cookie: uid = admin”的Cookie标头来访问特定DVR... -
avtech-dvr-exposure: Avtech AVC798HA DVR Information Exposure POC
2025-09-01 | Avtech DVRUnder the /cgi-bin/nobody folder every CGI script can be accessed without authentication. app="... -
CVE-2018-15745: Argus Surveillance DVR 4.0.0.0 - Local File Inclusion POC
2025-08-01 | Argus Surveillance DVRArgus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file d... -
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...