68 matches found
CVE-2020-36910
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root...
CVE-2020-36910 Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root...
CVE-2020-36910
Summary: CVE-2020-36910 affects Cayin Signage Media Player 3.0. An authenticated remote command injection exists in the system.cgi and wizard_system.cgi pages, exploitable via the NTP_Server_IP parameter with default credentials to run arbitrary shell commands as root. The vulnerability has a hig...
PT-2026-1445
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root...
Cayin Signage Media Player OS Command Injection Vulnerability
Cayin Signage Media Player is a series of electronic signage playback terminals from Cayin, a Taiwan-based company. An operating system command injection vulnerability exists in Cayin Signage Media Player version 3.0, which originates from an authenticated remote command injection vulnerability i...
EUVD-2020-28094
Malware in sbrugna...
EUVD-2020-28095
Malware in sbrugna...
EUVD-2024-48606
Malicious code in bioql PyPI...
EUVD-2024-48605
Malicious code in bioql PyPI...
CVE-2020-6954
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...
CVE-2020-6955
An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...
CVE-2024-7729
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files...
CVE-2024-7728
The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server...
CVE-2024-7729
CVE-2024-7729 affects CAYIN Technology CMS, where a lack of proper access control allows unauthenticated remote attackers to download arbitrary CGI files. The entry has a CVSS v3.1 base score of 7.5 (HIGH) with network access, low attack complexity, and no privileges required. Public references (...
CVE-2024-7729 CAYIN Technology CMS - Sensitive File Download
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files...
CVE-2024-7728 CAYIN Technology CMS - OS Command Injection
The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server...
CVE-2024-7728
CVE-2024-7728 affects the CAYIN Technology CMS CGI, where improper input validation allows an administrator to inject OS commands into a specific parameter and execute them on the remote server. The vulnerability enables remote command execution with high impact (authentication required as an adm...