CVE-2024-22514
https://notcve.org/view.php?id=CVE-2024-22514
An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Un problema descubierto en iSpyConnect.com Agent DVR 5.1.6.0 permite a los atacantes ejecutar archivos arbitrarios restaurando un archivo de copia de seguridad manipulado. • https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-22515
https://notcve.org/view.php?id=CVE-2024-22515
Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. Vulnerabilidad de carga de archivos sin restricciones en iSpyConnect.com Agent DVR 5.1.6.0 permite a atacantes cargar archivos arbitrarios a través del componente de carga de audio. • https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-29774
https://notcve.org/view.php?id=CVE-2022-29774
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. iSpy versión v7.2.2.0 es vulnerable a la ejecución remota de comandos mediante path traversal • https://gist.github.com/securylight/79f673aa3a453c80c0e78f356a8f650b https://github.com/securylight/CVES_write_ups https://github.com/securylight/CVES_write_ups/blob/main/iSpy_connect.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-29775
https://notcve.org/view.php?id=CVE-2022-29775
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. iSpyConnect iSpy versión v7.2.2.0, permite a atacantes omitir la autenticación por medio de una URL diseñada • https://gist.github.com/securylight/79f673aa3a453c80c0e78f356a8f650b https://github.com/securylight/CVES_write_ups • CWE-287: Improper Authentication •
CVE-2020-13093
https://notcve.org/view.php?id=CVE-2020-13093
iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. iSpyConnect.com Agent DVR versiones anteriores a 2.7.1.0, permite un salto de directorio. • https://www.ispyconnect.com/producthistory.aspx?productid=27 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •