Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download
Dasan Networks GPON ONT WiFi Router H64X Series System Config Download Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Models: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.02p2-1141 2.77p1-1125 2.77-1115 2.76-9999...
Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass
Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02...
Schneider Electric Pelco VideoXpert Privilege Escalation
Schneider Electric Pelco VideoXpert Privilege Escalations Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Core Software 1.12.105 Media Gateway Software 1.12.26 Exports 1.12 Summary: VideoXpert is a video management solution designed for scalability, fitting...
Schneider Electric Pelco Sarix/Spectra Cameras XSS Vulnerability
Pelco cameras suffer from multiple DOM-based, stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessi...
Pelco VideoXpert 1.12.105 - Local Privilege Escalation
Schneider Electric Pelco VideoXpert Privilege Escalations Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: Core Software 1.12.105 Media Gateway Software 1.12.26 Exports 1.12 Summary: VideoXpert is a video management solution designed for scalability, fitting...
Emby MediaServer 3.2.5 - Password Reset Vulnerability
Exploit for multiple platform in category web applications Emby MediaServer 3.2.5 Password Reset Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organiz...
Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection Vulnerability
Exploit for hardware platform in category web applications Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection Vendor: Dell Inc. Product web page: https://www.sonicwall.com/products/sonicwall-gms/ Affected version: 8.1 8.0 SP1 Build 8048.1410 Flow Server Virtual Appliance Fixed in...
InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution Vulnerability
Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...
EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation
EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: 3.3.21289.1311 Summary: myris® provides unparalleled security, is portable, lightweight and is as easy as looking in a mirror. Use myris to...
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
...
iBilling 3.7.0 Cross Site Scripting
Cross Site Scripting Stored: http://localhost/ibilling/index.php Parameters: msg, desc, account, phone, company, address, city, state, zip, tags, description, ref POST...
Flatpress 1.0.3 - Cross-Site Request Forgery / Arbitrary File Upload
Exploit for php platform in category web applications FlatPress 1.0.3 CSRF Arbitrary File Upload RCE PoC function exec var command = document.getElementById"exec"; var url = "http://localhost/flatpre...
FlatPress 1.0.3 Cross Site Request Forgery / Shell Upload
FlatPress 1.0.3 CSRF Arbitrary File Upload RCE PoC function exec var command = document.getElementById"exec"; var url = "http://localhost/flatpress/fp-content/attachs/test.php?cmd="; var cmdexec = command.v...
EduSec 4.2.5 - SQL Injection
Exploit for php platform in category web applications EduSec 4.2.5 Multiple SQL Injection Vulnerabilities Vendor: Rudra Softech Product web page: http://www.rudrasoftech.com Affected version: 4.2.5 Summary: EduSec has a suite of selective modules specifically tailored to the requirements of...
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
Exploit for hardware platform in category web applications MOBOTIX Video Security Cameras CSRF Add Admin Exploit Vendor: MOBOTIX AG Product web page: https://www.mobotix.com Affected version: Model: D22M-Secure, HW: T2r1.1.AA, 520 MHz, 128 MByte RAM, SW: MX-V3.5.2.23.r3 Model: Q24M-Secure, HW...
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. OpenMRS 2.3 1.11.4 Multiple Cross-Site Scripting Vulnerabilities Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd...
iniNet SpiderControl SCADA Editor 6.30.01 Privilege Escalation Vulnerability
iniNet SpiderControl SCADA Editor version 6.30.01 suffers from an insecure file permission vulnerability that can lead to privilege escalation. iniNet SpiderControl SCADA Editor 6.30.01 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected...
TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Exploit
TECO SG2 FBD Client version 3.51 suffers from a vulnerability that is caused due to a boundary error in the processing of a Genie FBD, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .GFB file. Successful exploitation could allow execution of arbitrary...
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or...
Centreon 2.6.1 Persistent Cross Site Scripting
Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring...