Phoenix Contact iDS6 DSSPro 安全漏洞

Phoenix Contact iDS6 DSSPro is a digital signage management system from iDS6 USA. A security vulnerability exists in Phoenix Contact iDS6 DSSPro version 6.2, which stems from susceptibility to a cross-site request forgery attack that could result in the addition of unauthorized users...

Phoenix Contact iDS6 DSSPro 安全漏洞

Phoenix Contact iDS6 DSSPro is a digital signage management system from iDS6 USA. A security vulnerability exists in Phoenix Contact iDS6 DSSPro version 6.2, which stems from the presence of an improper access control vulnerability that could lead to the creation of users, modification of roles a...

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is a...

iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...

iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is ...

iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation

iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage manageme...

iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the consol...

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The CAPTCHA function for DSSPro is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the...

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery (CSRF)

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...

iDS6 DSSPro Digital Signage System 6.2 (autoSave) Cookie User Password Disclosure

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie when using the Remember autoSave=true feature. This allows a...