19 matches found
JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown
JUNG Smart Visu Server version 1.1.1050 suffers from a denial of service vulnerability. An unauthenticated attacker can reboot or shut down the server by sending one GET request. JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown Vendor: ALBRECHT JUNG GMBH & CO. KG Product web page:...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
Ilevia EVE X1/X5 Server version 4.7.18.0.eden uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected versio...
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver...
Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path
Tosibox Key Service 3.3.0 Local Privilege Escalation Vendor: Tosibox Oy Product web page: https://www.tosibox.com Affected version: sc qc "Tosibox Key Service" SC QueryServiceConfig SUCCESS SERVICENAME: Tosibox Key Service TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2...
Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation
form action="http://trans...
Sielco Radio Link 2.06 Cross Site Request Forgery
CSRF Add Admin: --------------- input type="hidden" name="user2...
Tenda HG6 3.3.0 Remote Command Injection
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version: 3.3.0-210926 Software version: v1.1.0 Hardware Version: v1.0 Check Version:...
Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root
!/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: CTM-ONE 1.3.6-latest CTM-ONE 1.3.1 CTM-ONE 1.1.9 CTM200 2.7.1.5659-latest CTM200 2.0.5.3356-184 Summar...
Ricon Industrial Cellular Router S9922XL - Remote Command Execution Exploit
Exploit Title: Ricon Industrial Cellular Router S9922XL - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor Homepage: https://www.riconmobile.com !/usr/bin/env python3 -- coding: utf-8 -- Ricon Industrial Cellular Router S9922XL Remote Command Execution Vendor: Ricon Mobile Inc...
Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation Vulnerability
Exploit Title: Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation Date: 04.05.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.easy.ac Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation Vendor: Epic Games, Inc. Product web page:...
STVS ProVision 5.9.10 File Disclosure
STVS ProVision 5.9.10 archive.rb Authenticated File Disclosure Vulnerability Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected version: 5.9.10 build 2885-3a8219a 5.9.9 build 2882-7c3b787 5.9.7 build 2871-a450938 5.9.1 build 2771-1bbed11 5.9.0 build 2701-6123026 5.8.6...
iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass
Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page...
BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated)
Exploit Title: BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery Unauthenticated Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.brightsign.biz Version: = 8.2.26 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SS...
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive production profitability with Fiery servers and workflow...
Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection Vulnerability
Exploit for hardware platform in category web applications Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection Vendor: Dell Inc. Product web page: https://www.sonicwall.com/products/sonicwall-gms/ Affected version: 8.1 8.0 SP1 Build 8048.1410 Flow Server Virtual Appliance Fixed in...
Centreon 2.6.1 Command Injection
Centreon 2.6.1 Command Injection Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and...
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit
Soitec SmartEnergy web application suffers from an authentication bypass vulnerability using SQL Injection attack in the login script. The script fails to sanitize the 'login' POST parameter allowing the attacker to bypass the security mechanism and view sensitive information that can be further...
Baidu Spark Browser 26.5.9999.3511 Stack Overflow
...
ImpressPages CMS 3.6 - Arbitrary File Deletion
ImpressPages CMS 3.6 - Arbitrary File Deletion ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6 Summary: ImpressPages CMS is an open source web content management system with...