Hikvision Remote Code Execution / XSS / SQL Injection | allinfosecnews.com

Web: https://packetstormsecurity.com/files/170818/hikvision-execxsssql.txt

Jan. 31, 2023, 5:17 p.m. |

Packet Storm packetstormsecurity.com

Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

code code execution hikvision injection remote code execution sql sql injection xss

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-5991-1 23 hours ago | packetstormsecurity.com

notice security security notice ubuntu +1

Ubuntu Security Notice USN-5990-1 23 hours ago | packetstormsecurity.com

notice security security notice ubuntu +1

Ubuntu Security Notice USN-5989-1 23 hours ago | packetstormsecurity.com

notice security security notice ubuntu +1

Judging Management System 1.0 Shell Upload 23 hours ago | packetstormsecurity.com

management shell system

Judging Management System 1.0 SQL Injection 23 hours ago | packetstormsecurity.com

injection management sql sql injection +1

EQ Enterprise Management System 2.2.0 SQL Injection 23 hours ago | packetstormsecurity.com

enterprise injection management sql +2

Online Pizza Ordering 1.0 SQL Injection 23 hours ago | packetstormsecurity.com

injection sql sql injection

rconfig 3.9.7 SQL Injection 23 hours ago | packetstormsecurity.com

injection rconfig sql sql injection

CoolerMaster MasterPlus 1.8.5 Unquoted Service Path 23 hours ago | packetstormsecurity.com

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

View on infosec-jobs.com

Cybersecurity Analyst

@ Visa | Bengaluru, India

View on infosec-jobs.com

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

View on infosec-jobs.com

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States

View on infosec-jobs.com

Azure DevSecOps - Solution Architect

@ Citizant | Chantilly, VA, United States

View on infosec-jobs.com

Cybersecurity Champion

@ NielsenIQ | Chicago, IL, United States

View on infosec-jobs.com

Senior Information Security Analyst

@ QAD, Inc. | Wroclaw, Poland

View on infosec-jobs.com

VP, Information Security

@ TrueAccord | Remote

View on infosec-jobs.com

DevSecOps Engineer- (100%) ( w/m/d) - Valbonne - Hybrid Work

@ SMG Swiss Marketplace Group | Valbonne, France

View on infosec-jobs.com

Information Security Director - Attack Surface Management (100% US REMOTE)

@ Experian | Allen, TX, United States

View on infosec-jobs.com

Director - Cybersecurity and Compliance

@ Visa | Foster City, CA, United States

View on infosec-jobs.com

Senior Threat Analyst | Remote, USA

@ Optiv | Kansas City, MO

View on infosec-jobs.com