Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.8 views

CVE-2018-18931

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

9CVSS7.3AI score0.01631EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-6481

Malware in sbrugna...

5.5CVSS5.5AI score0.06394EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-10635

Malware in sbrugna...

8.8CVSS8.6AI score0.01114EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-4588

Malware in sbrugna...

10CVSS9.1AI score0.01114EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 1:21 p.m.9 views

CVE-2018-14573

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

5.5CVSS7.1AI score0.06394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:11 p.m.8 views

CVE-2018-18930

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...

8.8CVSS8AI score0.0275EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:28 a.m.7 views

CVE-2018-18929

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

8.8CVSS7.1AI score0.01114EPSS
Exploits1References1
NVD
NVD
added 2019/10/29 8:15 p.m.17 views

CVE-2018-18930

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...

8.8CVSS8.9AI score0.0275EPSS
Exploits1References1
NVD
NVD
added 2019/10/29 8:15 p.m.23 views

CVE-2018-18929

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

8.8CVSS8.7AI score0.01114EPSS
Exploits1References1
NVD
NVD
added 2019/10/29 8:15 p.m.20 views

CVE-2018-18931

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

9CVSS8.9AI score0.01631EPSS
Exploits1References1
Prion
Prion
added 2019/10/29 8:15 p.m.22 views

Default credentials

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

4CVSS8.6AI score0.01114EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/10/29 8:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

9CVSS8.9AI score0.01631EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/29 7:36 p.m.25 views

CVE-2018-18931

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

8.9AI score0.01631EPSS
Exploits1References1
CVE
CVE
added 2019/10/29 7:36 p.m.69 views

CVE-2018-18931

CVE-2018-18931 affects Tightrope Media Carousel (v7.0.4.104). The issue arises from insecure default permissions on C:\TRMS\Services, enabling an attacker with system access to replace Carousel.Service.exe with a malicious executable. This independent service can be manipulated without affecting ...

9CVSS8.8AI score0.01631EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/29 7:35 p.m.18 views

CVE-2018-18930

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...

9AI score0.0275EPSS
Exploits1References1
CVE
CVE
added 2019/10/29 7:35 p.m.71 views

CVE-2018-18930

The CVE-2018-18930 entry describes an arbitrary file upload vulnerability in Tightrope Media Carousel (7.0.4.104) within the Manage Bulletins/Upload feature. An authenticated attacker can craft a ZIP (based on an exported Bulletin backup) containing a malicious file; the system only checks for re...

8.8CVSS8.9AI score0.0275EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/10/29 7:33 p.m.76 views

CVE-2018-18929

The CVE concerns Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104, where a default local administrator username/password can be found in an unattend.xml left on the C: drive from Sysprep. An attacker with these credentials can gain administrator-level access to the system. Th...

8.8CVSS8.6AI score0.01114EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/29 7:33 p.m.21 views

CVE-2018-18929

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

8.7AI score0.01114EPSS
Exploits1References1
NVD
NVD
added 2019/08/26 6:15 p.m.16 views

CVE-2019-13020

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content...

10CVSS9.3AI score0.01114EPSS
Exploits0References1
OSV
OSV
added 2019/08/26 6:15 p.m.4 views

CVE-2019-13020

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content...

10CVSS7.3AI score0.01114EPSS
Exploits0References1
Rows per page
Query Builder