Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905.

Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command.

An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device.

An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.

Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request.

Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request.

Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions.

Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.