SOYAL 701Client 9.0.1 Insecure Permissions

SOYAL 701Client 9.0.1 Insecure Permissions Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1 190410 9.0.1 190115 Summary: 701 Client is the user interface software for the access control system. It is used for adding and...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

SOYAL 701 Server 9.0.1 - Insecure Permissions Vulnerability

Exploit Title: SOYAL 701 Server 9.0.1 - Insecure Permissions Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1 190322 8.0.6 181227...

STVS ProVision 5.9.10 File Disclosure

STVS ProVision 5.9.10 archive.rb Authenticated File Disclosure Vulnerability Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected version: 5.9.10 build 2885-3a8219a 5.9.9 build 2882-7c3b787 5.9.7 build 2871-a450938 5.9.1 build 2771-1bbed11 5.9.0 build 2701-6123026 5.8.6...

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite

Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214 BLD20110616374...

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is a...

iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page...

BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal

Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - File Delete Path Traversal Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page:...

BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated)

Exploit Title: BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery Unauthenticated Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.brightsign.biz Version: = 8.2.26 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SS...

UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass

Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Date: 2020-07-23 Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr Affected version: Firmware 1.5.1 2013.01.3...

Cayin CMS NTP Server RCE

This module exploits an authenticated RCE in Cayin CMS 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module 'Gjoko Krstic LiquidWorm '...

HomeAutomation 3.3.2 - Persistent Cross-Site Scripting

Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5556 Advisor...

HomeAutomation 3.3.2 Cross Site Scripting

HomeAutomation v3.3.2 Stored and Reflected XSS Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick,...

AVE DOMINAplus 1.10.x Unauthenticated Remote Reboot Vulnerability

AVE DOMINAplus =1.10.x Unauthenticated Remote Reboot Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Touch Screen Code TS01 - 1.0.65 Touch Screen Code TS03x-V | TS04X-V - 1.10.45a Touch Screen Code TS05 -...

V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation

V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is...

V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download

V-SOL GPON/EPON OLT Platform v2.03 Unauthenticated Configuration Download Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPO...

Rifatron Intelligent Digital Security System - animate.cgi Stream Disclosure Vulnerability

Exploit for cgi platform in category web applications !/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504,...

FaceSentry Access Control System 6.4.8 - Remote Command Injection Vulnerability

Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build...

Ross Video DashBoard 8.5.1 - Insecure Permissions

Ross Video DashBoard 8.5.1 Insecure Permissions Vendor: Ross Video Ltd. Product web page: https://www.rossvideo.com Affected version: 8.5.1 Summary: DashBoard is a free and open platform from Ross Video for facility control and monitoring that enables users to quickly build unique, tailored Custo...

exacqVision 9.8 Unquoted Service Path Privilege Escalation

exacqVision 9.8 Unquoted Service Path Privilege Escalation Vendor: Exacq Technologies, Inc. Product web page: https://www.exacq.com Affected version: 9.8.4.150001 Summary: The exacqVision VMS Video Management System software records surveillance video from thousands of IP camera models and displa...