11 matches found
EUVD-2017-4452
Malware in sbrugna...
EUVD-2017-4453
Malware in sbrugna...
TecnoVISION DLX Spot Player4 Elevation of Privilege Vulnerability
TecnoVISION DLX Spot Player4 is a control management software for LED video walls from TecnoVISION Australia. A security vulnerability exists in TecnoVISION DLX Spot Player4, which originates from the use of the hardcoded password 'tecn0visi0n' for the dlxuser account. The vulnerability can be...
Hardcoded credentials
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 all known versions allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials...
CVE-2017-12930
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version 1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password...
Design/Logic Flaw
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version 1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution...
CVE-2017-12930
TecnoVISION DLX Spot Player4 (TecnoVISION DLX Spot) has an SQL Injection vulnerability in the admin interface for versions >1.5.10, enabling remote unauthenticated attackers to access the web interface as an administrator via a crafted password. Root cause: SQLi in the admin login. Impact: pot...
CVE-2017-12929
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version 1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution...
CVE-2017-12928
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 all known versions allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials...
CVE-2017-12930
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version 1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password...
Tecnovision DLX Spot - Arbitrary File Upload
Tecnovision DLX Spot - Arbitrary File Upload Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/...