漏洞描述
HIKVISION 流媒体管理服务器 downFile.php的参数未经任何过滤,可以任意下载敏感文件
HIKVISION 流媒体管理服务器 后台任意读取
PoC代码
暂无相关漏洞推荐
-
CVE-2017-7921: Hikvision CVE-2017-7921 POC
2025-09-01 | Hikvision/Security/users?auth=YWRtaW46MTEK /onvif-http/snapshot?auth=YWRtaW46MTEK /System/configurationFile... -
CVE-2021-36260: Hikvision IP camera/NVR - Unauthenticated RCE POC
2025-09-01 | Hikvision IP camera NVRA command injection vulnerability in the web server of some Hikvision product. Due to the insufficie... -
hikvision-intercom-service-default-password: Hikvision Intercom Service Default Password POC
2025-09-01 | Hikvision Intercom Serviceapp="HIKVISION-群组对讲服务配置平台" admin/12345 -
SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC
2025-09-22 00:22:31 | SourceCodester Pet Grooming Management SoftwareSourceCodester Pet Grooming Management Software是SourceCodester开源的一个宠物美容管理系统。 SourceCodester Pet Groo... -
D-Link DIR-645 命令注入漏洞 无POC
2025-09-22 00:22:31 | D-Link DIR-645D-Link DIR-645是中国友讯(D-Link)公司的一款无线路由器。 D-Link DIR-645 105B01版本存在命令注入漏洞,该漏洞源于对文件/soap.cgi中参数service的错...