Privilege escalation

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file...

Cross site scripting

SolarView Compact v6.0 was discovered to contain a cross-site scripting XSS vulnerability via the component SolarAiConf.php...

CVE-2022-31373

SolarView Compact v6.0 was discovered to contain a cross-site scripting XSS vulnerability via the component SolarAiConf.php...

CVE-2022-31373

SolarView Compact (v6.0/6.00) contains a cross-site scripting vulnerability in the Solar_AiConf.php component. An attacker can inject script that runs in the victim’s browser, potentially leading to session hijacking or credential theft. Root cause described across sources is insufficient input v...

CVE-2022-31374

CVE-2022-31374 affects Contec SolarView Compact 6.0. The vulnerability is an arbitrary file upload in /images/background/1.php that allows an attacker to execute arbitrary code by submitting a crafted PHP file. Root cause: improper handling/filtration of input in the image handling path leading t...

CVE-2022-31374

An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file...

Contec SolarView Compact 跨站脚本漏洞

Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a cross-site scripting vulnerability that originates in the component SolarAiConf.php, which lacks a data validation filter for user-supplied data and output. An attacker could exploit this...

Contec SolarView Compact 代码问题漏洞

Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a remote code execution vulnerability that stems from a failure of SolarImage.php to properly filter special elements of the construction snippet. An attacker could exploit this vulnerability...

PT-2022-3046 · Siemens · Simatic Wincc Oa V3.17 +4

Name of the Vulnerable Software and Affected Versions: Cerberus DMS versions all Desigo CC versions all Desigo CC Compact versions all SIMATIC WinCC OA V3.16 versions all SIMATIC WinCC OA V3.17 versions all SIMATIC WinCC OA V3.18 versions all Description: A vulnerability has been identified in th...

SolarView Compact 6.00 Cross Site Scripting

Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...

SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)

Exploit Title: SolarView Compact 6.00 - 'pow' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29301 Tested on: Windows Proof Of Concept:...

SolarView Compact 6.00 - (pow) Cross-Site Scripting Vulnerability

Exploit Title: SolarView Compact 6.00 - 'pow' Cross-Site Scripting XSS Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29301 Tested on: Windows Proof Of Concept:...

SolarView Compact 6.00 - (time_begin) Cross-Site Scripting Vulnerability

Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...

SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (XSS)

Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...

SolarView Compact 6.00 Directory Traversal

Exploit Title: SolarView Compact 6.00 - Directory Traversal Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : Aiactive Author linkedin profile : https://www.linkedin.com/in/ahmedalroky/ Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE :...

SolarView Compact 6.00 - Directory Traversal

Exploit Title: SolarView Compact 6.00 - Directory Traversal Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : Aiactive Author linkedin profile : https://www.linkedin.com/in/ahmedalroky/ Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE :...

CVE-2022-1669 Circutor COMPACT DC-S BASIC

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary index.cgi to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Addres...

GHSA-X68X-WVM2-HQC8 Stored XSS vulnerability in Jenkins Compact Columns Plugin

Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Compact Columns Plugin 1.12 applies the configured markup formatter to the job...

Stored XSS vulnerability in Jenkins Compact Columns Plugin

Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. Compact Columns Plugin 1.12 applies the configured markup formatter to the job...

SolarView Compact 6.0 - OS Command Injection Vulnerability

Exploit Title: SolarView Compact 6.0 - OS Command Injection Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST /confmail.php HTTP/1.1...