📄 Mouse Agent Server 3.1 Remote Code Execution

Mouse Agent Server version 3.1 is vulnerable to unauthenticated remote code execution by simulating mouse/keyboard inputs to force the target to execute a PowerShell reverse shell. It works against default configurations by sending GUI automation commands through port 8088. Exploit Title: Mouse...

CVE-2023-22855

CVE-2023-22855 affects Kardex Mlog MCC 5.7.12+0-a203c2a213-master. A user-controllable path is passed to Path.Combine in the MCC web interface (port 8088) without proper sanitisation, enabling file inclusion on local/SMB shares and, when a .t4 template is processed by mono/t4, remote code executi...

Security Bulletin: Yarn UI/API Security issue

Summary The Yarn UI/API running on port 8088 is not secured by default. If the host machine or container is configured in a network where port 8088 is open to the internet then, in this mode of operation, anonymous users can submit yarn applications. A yarn application can perform arbitrary tasks...

AppearTV XC5000 and XC5100 File Read Vulnerability

The AppearTV XC5000 and XC5100 are both versatile, carrier-grade broadcast devices from AppearTV Norway. A security vulnerability exists in the AppearTV XC5000 and XC5100 using firmware version 3.26.217. An attacker could send a specially crafted HTTP request to a web server running Maintenance...

CVE-2018-7539

On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request such as GET /../../../../../../../../../../../../etc/passwd to the web server fuzzd/0.1.1 running the Maintenance Center on port TCP/8088. This can lead to full...