13 matches found
EUVD-2020-28094
Malware in sbrugna...
EUVD-2020-28095
Malware in sbrugna...
CVE-2020-6954
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...
CVE-2020-6955
An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...
Cayin SMP-PRO4 Cross-Site Scripting Vulnerability
The Cayin SMP-PRO4 is a digital signage player. A cross-site scripting vulnerability exists in Cayin SMP-PRO4. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...
Unspecified Vulnerability in Cayin SMP-PRO4
The Cayin SMP-PRO4 is a digital signage player. An unspecified vulnerability exists in the Cayin SMP-PRO4. An attacker can exploit the vulnerability to view stored passwords...
CVE-2020-6954
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...
Default credentials
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...
Cross site scripting
An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...
CVE-2020-6954
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...
CVE-2020-6954
CVE-2020-6954 affects Cayin SMP-PRO4 digital signage players. A user can view a saved password by inspecting the URL after a Connection String Test; the password is exposed in the webpass parameter of the media_folder.cgi?apply_mode=ping_server URI. The impact is partial confidentiality (per CVSS...
CVE-2020-6955
CVE-2020-6955 affects Cayin SMP-PRO4 devices. The issue is a reflected XSS in the web interface triggered by image_preview.html?filename=, due to insufficient validation of client-side data by the WEB application. Documents from CNVD/CNVD-derived sources describe the vulnerability as a cross-site...
CVE-2020-6955
An issue was discovered on Cayin SMP-PRO4 devices. They allow imagepreview.html?filename= reflected XSS...