10 matches found
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...
EUVD-2020-30845
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
CVE-2020-36884
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
BrightSign Digital Signage Diagnostic Web Server 代码问题漏洞
BrightSign Digital Signage Diagnostic Web Server is a troubleshooting and configuration tool from BrightSign USA. A code issue vulnerability exists in BrightSign Digital Signage Diagnostic Web Server version 8.2.26 and earlier, which stems from a server-side request forgery in the url parameter o...
PT-2025-50508
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
kylinos kylin-system-updater OS Command Injection Vulnerability
kylinos kylin-system-updater is an operating system component from China's KylinSoft kylinos. An operating system command injection vulnerability exists in KylinSoft kylin-system-updater 2.0.5.16-0k2.33 and earlier versions, which originates in /usr/share/kylin-system-...
iMesh 7.1.0.x - 'IMWeb.dll 7.0.0.x' Remote Heap Overflow
!-- iMesh = 7.1.0.x IMWebControl Class IMWeb.dll 7.0.0.x remote heap exploit IE7/XP full patched by rgod, site: http://retrogod.altervista.org/ software site: http://www.imesh.com "iMesh is a file sharing and online social network. It uses a proprietary, centralized, P2P protocol. iMesh is owned ...
[slackware-security] pidgin
A new pidgin package is available for Slackware 12.0 to fix a minor fix security issue. More details about this issue may be found here: http://www.pidgin.im/news/security/?id=23 Here are the details from the Slackware 12.0 ChangeLog: patches/packages/pidgin-2.2.1-i486-1slack12.0.tgz: Upgraded to...
[fixed URLs] firefox/thunderbird/seamonkey
The original advisory for this issue contained incorrect URLs for the Slackware 11.0 patches. Sorry about that! The URLs for the 10.2 packages were correct and the Firefox/Thunderbird links given for 11.0 would have been just fine anyway since 10.2 and 11.0 are using the same packages for those...