36 matches found
CVE-2020-37228
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
CVE-2020-37228
The CVE-2020-37228 entry concerns iDS6 DSSPro Digital Signage System 6.2, where a CAPTCHA security bypass allows authentication bypass by requesting the autoLoginVerifyCode object. Attackers can obtain valid CAPTCHA codes via the login endpoint and use them to brute-force user accounts. The vulne...
CVE-2020-37228
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
EUVD-2020-31229
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
PT-2026-41428
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks agains...
CVE-2026-31955
Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...
CVE-2020-36921
RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...
CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie
iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...
CVE-2020-36921 RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability
RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication...
CVE-2020-36918
CVE-2020-36918 affects the iDS6 DSSPro Digital Signage System v6.2. It describes a cross-site request forgery (CSRF) where an attacker can induce susceptible admins to perform actions (e.g., add unauthorized users) without proper request validation by crafting malicious pages. The vulnerability s...
CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...
PT-2026-1452
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...
CVE-2020-36900
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...
CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...
CVE-2020-36900
All-Dynamics Digital Signage System 2.0.2 is affected by a cross-site request forgery that allows creation of administrative users via an attacker-crafted page. The root cause is insufficient request validation in the user-management flow, enabling an authenticated user to be coerced into submitt...
CVE-2020-36900 All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...
Narkom Pyxis Signage 跨站脚本漏洞
Narkom Pyxis Signage is a digital notice screen management system from Narkom Turkey. A cross-site scripting vulnerability exists in Narkom Pyxis Signage 31012025 and earlier versions, which stems from improper input neutralization and could lead to a stored cross-site scripting attack...
Weak password vulnerability in StarNet Ruijie's digital signage
Starnet Ruijie Digital Signage is a digital signage information platform that effectively responds to the complex information distribution environment of decentralization, fragmentation and mobility. A weak password vulnerability exists in Starnet Digital Signage, which can be exploited by an...
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is ...
iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation
Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...