CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22514
https://notcve.org/view.php?id=CVE-2024-22514
06 Feb 2024 — An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. Un problema descubierto en iSpyConnect.com Agent DVR 5.1.6.0 permite a los atacantes ejecutar archivos arbitrarios restaurando un archivo de copia de seguridad manipulado. • https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22515
https://notcve.org/view.php?id=CVE-2024-22515
06 Feb 2024 — Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. Vulnerabilidad de carga de archivos sin restricciones en iSpyConnect.com Agent DVR 5.1.6.0 permite a atacantes cargar archivos arbitrarios a través del componente de carga de audio. • https://github.com/Orange-418/AgentDVR-5.1.6.0-File-Upload-and-Remote-Code-Execution • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2022-29774
https://notcve.org/view.php?id=CVE-2022-29774
21 Jun 2022 — iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. iSpy versión v7.2.2.0 es vulnerable a la ejecución remota de comandos mediante path traversal • https://gist.github.com/securylight/79f673aa3a453c80c0e78f356a8f650b • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-29775
https://notcve.org/view.php?id=CVE-2022-29775
21 Jun 2022 — iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. iSpyConnect iSpy versión v7.2.2.0, permite a atacantes omitir la autenticación por medio de una URL diseñada • https://gist.github.com/securylight/79f673aa3a453c80c0e78f356a8f650b • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13093
https://notcve.org/view.php?id=CVE-2020-13093
15 May 2020 — iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. iSpyConnect.com Agent DVR versiones anteriores a 2.7.1.0, permite un salto de directorio. • https://www.ispyconnect.com/producthistory.aspx?productid=27 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •