NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution

/ NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution Vendor: NREL Product web page: https://beopt.nrel.gov Affected version: 2.8.0.0, 2.7.0.0 and 2.6.0.1 Summary: The BEoptaC/ Building Energy Optimization Tool software provides capabilities to evaluate residential building designs...

NREL BEopt <= 2.8.0.0 RCE Vulnerability

NREL BEopt is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nrel:beopt"; if...

devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation Vendor: devolo AG Product web page: https://www.devolo.com Affected version: 4.3.1 Summary: devolo dLANAr Cockpit is a software tool that allows devolo customers to monitor and optimise their dLANAr network using a software tool...

BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution

BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks...

BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery

BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks,...

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution Vulnerability

Exploit for hardware platform in category web applications BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more...

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection Vulnerability

Exploit for hardware platform in category web applications body...

Go Pro Fusion Studio 1.2 Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Go Pro Fusion Studio 1.2 Privilege Escalation Vendor: GoPro, Inc. Product web page: https://www.gopro.com Software: https://shop.gopro.com/softwareandapp/gopro-fusion-studio-app/fusion-studio.html Affected version: 1.2.1.400 Summary: Go Pro...

Sint Wind PI 01.26.19 Authentication Bypass

Sint Wind PI v01.26.19 Authentication Bypass Vendor: Tonino Tarsi Product web page: https://github.com/ToninoTarsi/swpi Affected version: 01.26.19 Summary: A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind...

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 - Directory Traversal VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is...

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web Administration of Machine. Desc: The vulnerability exists due to the disclosure o...

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web Administration of Machine. Desc: The vulnerability exists due to the disclosure o...

LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution Vulnerability

Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalD...

LogicalDOC Enterprise 7.7.4 - Directory Traversal

LogicalDOC Enterprise 7.7.4 - Directory Traversal LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service Exploit

Exploit for hardware platform in category dos / poc !/usr/bin/env python Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1...

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure Vulnerability

Exploit for php platform in category web applications Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive...

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure

Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive production profitability with Fiery servers and workflow...

Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service

!/usr/bin/env python Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce...

DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration

!/usr/bin/env python DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 build...

Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation Vulnerability

Exploit for hardware platform in category web applications Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645...