11 matches found
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
piSignage 2.6.4 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: piSignage 2.6.4 - Directory Traversal Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application...
Unspecified vulnerability in piSignage
piSignage is an HD video digital signage player. A security vulnerability exists in the web application component of piSignage versions prior to 2.6.4. A remote attacker can exploit the vulnerability to download arbitrary files from a Raspberry Pi...
piSignage 2.6.4 - Directory Traversal
piSignage 2.6.4 - Directory Traversal Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application...
piSignage 2.6.4 Directory Traversal
Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application component of piSignage before 2.6.4 allows ...
piSignage 2.6.4 - Directory Traversal
Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application component of piSignage before 2.6.4 allows ...
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
Path traversal
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
CVE-2019-20354
CVE-2019-20354 affects piSignage before 2.6.4: the web application’s player API (api/settings/log?file=..) allows authenticated, low-privilege users to perform directory traversal and download arbitrary files from the Raspberry Pi. Root cause is improper validation of the file parameter, enabling...