Lucene search
K

36 matches found

NVD
NVD
added 2026/05/16 4:16 p.m.14 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS0.00429EPSS
Exploits1References4
CVE
CVE
added 2026/05/16 3:25 p.m.14 views

CVE-2020-37228

The CVE-2020-37228 entry concerns iDS6 DSSPro Digital Signage System 6.2, where a CAPTCHA security bypass allows authentication bypass by requesting the autoLoginVerifyCode object. Attackers can obtain valid CAPTCHA codes via the login endpoint and use them to brute-force user accounts. The vulne...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.8 views

CVE-2020-37228

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/16 3:25 p.m.12 views

EUVD-2020-31229

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.17 views

PT-2026-41428

iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...

9.8CVSS5.8AI score0.00429EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/24 12:14 a.m.6 views

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/01/06 4:15 p.m.5 views

CVE-2020-36921

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

7.5CVSS0.00378EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/06 3:53 p.m.3 views

CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...

8.6CVSS6.2AI score0.0028EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/06 3:52 p.m.26 views

CVE-2020-36921 RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...

7.5CVSS0.00378EPSS
Exploits1References6
CVE
CVE
added 2026/01/06 3:52 p.m.9 views

CVE-2020-36918

CVE-2020-36918 affects the iDS6 DSSPro Digital Signage System v6.2. It describes a cross-site request forgery (CSRF) where an attacker can induce susceptible admins to perform actions (e.g., add unauthorized users) without proper request validation by crafting malicious pages. The vulnerability s...

5.1CVSS6.4AI score0.00142EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/06 3:52 p.m.30 views

CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...

5.1CVSS0.00142EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.3 views

PT-2026-1452

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...

5.1CVSS6.8AI score0.00142EPSS
Exploits1References8
OSV
OSV
added 2025/12/10 9:16 p.m.3 views

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.8CVSS5.7AI score0.00224EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/10 9:4 p.m.4 views

CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.6CVSS6.4AI score0.00224EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 9:4 p.m.16 views

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 is affected by a cross-site request forgery that allows creation of administrative users via an attacker-crafted page. The root cause is insufficient request validation in the user-management flow, enabling an authenticated user to be coerced into submitt...

8.8CVSS6.4AI score0.00224EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/12/10 9:4 p.m.24 views

CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.6CVSS0.00224EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.4 views

Narkom Pyxis Signage 跨站脚本漏洞

Narkom Pyxis Signage is a digital notice screen management system from Narkom Turkey. A cross-site scripting vulnerability exists in Narkom Pyxis Signage 31012025 and earlier versions, which stems from improper input neutralization and could lead to a stored cross-site scripting attack...

7.2CVSS5.9AI score0.00325EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/15 12:0 a.m.5 views

Weak password vulnerability in StarNet Ruijie's digital signage

Starnet Ruijie Digital Signage is a digital signage information platform that effectively responds to the complex information distribution environment of decentralization, fragmentation and mobility. A weak password vulnerability exists in Starnet Digital Signage, which can be exploited by an...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/05 12:0 a.m.304 views

iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/05 12:0 a.m.410 views

iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...

7.4AI score
Exploits0
Rows per page
Query Builder