164 matches found
Mango Automation 2.6.0 Unprotected Debug Log View
Mango Automation 2.6.0 Unprotected Debug Log View Vulnerability Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application tha...
Centreon 2.6.1 Command Injection
Centreon 2.6.1 Command Injection Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...
up.time 7.5.0 Upload And Execute File Exploit
Exploit for php platform in category web applications up.time 7.5.0 Upload And Execute File Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: up.time suffers...
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution Vendor: Microweber Team Product web page: http://www.microweber.com Affected version: 1.0.3 Summary: Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to...
Microweber 1.0.3 Shell Upload
Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution Vendor: Microweber Team Product web page: http://www.microweber.com Affected version: 1.0.3 Summary: Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to...
ArticleFR 3.0.6 Cross Site Scripting
ArticleFR 3.0.6 Multiple Script Injection Vulnerabilities Vendor: Free Reprintables Product web page: http://www.freereprintables.com Affected version: 3.0.6 Summary: A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework...
Balero CMS 0.7.2 Cross Site Scripting / SQL Injection Vulnerabilities
Balero CMS version 0.7.2 suffers from cross site scripting and SQL injection vulnerabilities. document.cookie="counter=1confirm'XSS'; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: input type="hidden" name="content" value...
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting Vendor: Moodle Pty Ltd Product web page: https://www.moodle.org Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9 Summary: Moodle is a learning platform designed to provide educators, administrators and learners with a single...
Realtek 11n Wireless LAN utility - Local Privilege Escalation
Realtek 11n Wireless LAN utility privilege escalation. Vulnerability Discovered by Humberto Cabrera @dniz0r http://zeroscience.mk @zeroscience Summary: Realtek 11n Wireless LAN utility is deployed and used by Realtek alfa cards and more in order to help diagnose and view wireless card propertie...
u5CMS 3.9.3 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications u5CMS 3.9.3 thumb.php Local File Inclusion Vulnerability Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites,...
Zurmo CRM 2.8.5 Multiple Reflected Cross Site Scripting Vulnerabilities
Zurmo CRM version 2.8.5 suffers from multiple reflective cross site scripting vulnerabilities. Zurmo CRM 2.8.5 Multiple Reflected Cross-Site Scripting Vulnerabilities Vendor: Zurmo Inc. Product web page: http://www.zurmo.org Affected version: 2.8.5 Summary: Zurmo is an Open Source Customer...
Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit
Soitec SmartEnergy web application suffers from an authentication bypass vulnerability using SQL Injection attack in the login script. The script fails to sanitize the 'login' POST parameter allowing the attacker to bypass the security mechanism and view sensitive information that can be further...
IPUX CS7522/CS2330/CS2030 IP Camera Stack Buffer Overflow
IPUX CS7522/CS2330/CS2030 IP Camera UltraHVCamX.ocx ActiveX Stack Buffer Overflow Vendor: Big Good Holdings Limited | Fitivision Technology Inc. Product web page: http://www.ipux.net | http://www.fitivision.com Affected version: PT Type ICS2330 firmware: ICS2330 1.1.0-29 20140120 r4296 Cube Type...
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access
Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit Vendor: NETGEAR Product web page: http://www.netgear.com Affected version: WNR500 firmware: 1.0.7.2 Summary: The NETGEAR compact N150 classic wireless router WNR500 improves your legacy Wireless-G network. It is a...
Ubisoft Uplay 4.6 - Insecure File Permissions Local Privilege Escalation
Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' (Full) flag for the 'Everyone' group, making the entire directory...
ViPlay3 <= 3.00 - (.vpl) Local Stack Overflow PoC
No description provided by source. #!/usr/bin/perl ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC Product web page: http://www.urusoft.net/ Tested on Microsoft Windows XP Professional SP3 English Vulnerability discovered by Gjoko 'LiquidWorm' Krstic liquidworm gmail com http://www.zeroscience.org/...
FluxBB 1.5.3 - Multiple Vulnerabilities
No description provided by source. FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-site scripting,...
Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit
No description provided by source. #!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written for...
Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation
No description provided by source. Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation Vendor: Huawei Technologies Co., Ltd. Product web page: http://www.huawei.com Affected version: 1.0.0.23 V100R001C03SPC201B050 Summary: Huawei's eSpace Meeting solution fully meets...