GeneralInformation

Hostnames	26.221.224.159.triolan.net
Domains	triolan.net
Country	Ukraine
City	Poltava
Organization	CONTENT DELIVERY NETWORK LTD
ISP	CONTENT DELIVERY NETWORK LTD
ASN	AS13188

WebTechnologies

JavaScript libraries

jQuery1.7.1

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-7656	4.3jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708	4.3jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

OpenPorts

80 554

1398885845 | 2024-04-29T14:50:51.934910

80 / tcp

HTTP/1.0 200 OK
Date: Sat Jul 14 03:21:11 2012
Server: DVRDVS-Webs
Last-modified: Wed Mar  5 06:25:35 2014
Content-length: 1577
Content-type: text/html


Hikvision IP Camera:
  ActiveX Files:
    HCWPWebVideoActiveX.ocx: 3.0.4.14
    NetStream.dll: 1.0.3.13
    npHCWPWebVideoPlugin.dll: 3.0.4.14
    PlayCtrl.dll: 6.5.2.40
    StreamTransClient.dll: 1.1.2.3
    SystemTransform.dll: 2.3.0.10

-99464001 | 2024-05-01T03:18:05.002949

554 / tcp

RTSP/1.0 401 Unauthorized
CSeq: 1
WWW-Authenticate: Digest realm="Hikvision", nonce="05e035e771153ccf1e69118237c2060f", stale="FALSE"
WWW-Authenticate: Basic realm="/"

159.224.221.26

Last Seen: 2024-05-01

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1398885845 | 2024-04-29T14:50:51.934910
80 / tcp

Hikvision IP Camera

-99464001 | 2024-05-01T03:18:05.002949
554 / tcp

Products

Pricing

Contact Us

159.224.221.26

Last Seen: 2024-05-01

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

1398885845 | 2024-04-29T14:50:51.934910 80 / tcp

Hikvision IP Camera

-99464001 | 2024-05-01T03:18:05.002949 554 / tcp

Products

Pricing

Contact Us

1398885845 | 2024-04-29T14:50:51.934910
80 / tcp

-99464001 | 2024-05-01T03:18:05.002949
554 / tcp