Blog | Disclosure

OS Command Injection in Infoblox NetMRI Products - CVE-2014-3418 + CVE-2014-3419

Posted on July 09, 2014

While performing an internal security assessment for a client, I discovered an OS command injection vulnerability in an Infoblox NetMRI appliance. This was totally by accident, just going about our regular testing of web applications. I stumbled across the following page and used a proxy to submit values to the "Username" and "Password" fields of the application. Infoblox Login Page...

Dahua DVR Authentication Bypass - CVE-2013-6117

Posted on November 13, 2013

When I had my last house built, I wired it for a CCTV camera system. I ran siamese rg58 coaxial cable (the type with a separate pair for low voltage power) from a central location to all my camera locations since it's a pain to do once a house is built. I bought a cheap Dahua network-enabled DVR from one...
