1109 matches found
SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials
Summary Designed with simplicity in mind, TP-LINK's Cloud Cameras are a fast and trouble free way to keep track on what's going on in and around your home. Video monitoring, recording and sharing has never been easier with the use of TP-LINK’s Cloud service. The excitement of possibilities never...
Hikvision Digital Video Recorder Cross-Site Request Forgery
Summary Hikvision is the global leader of video surveillance products and solutions, manufactures a wide range of top-quality, reliable, and professional solutions. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity chec...
ABB Cylon Aspect 3.08.03 (projectUpdateBSXFileProcess.php) Remote Guest2Root Exploit
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is vulnerable to code execution and sudo...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown
Summary The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with...
Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak Exploit
Summary The Centaur digital recorder is a portable geophysical sensing acquisition system that consists of a high-resolution 24-bit ADC, a precision GNSS-based clock, and removable storage capabilities. Its ease of use simplifies high performance geophysical sensing deployments in both remote and...
Croogo 2.0.0 Multiple Stored XSS Vulnerabilities
Summary Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MVC framework. Description Croogo version 2.0.0 suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST parameters is not...
ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The unprotected web management server is vulnerable to sensitive...
Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control
Summary CLOKI is the pre-installed application on our terminals that provides simple to use access control management and attendance monitoring using any browser IE, Chrome, Firefox, etc.. It is suited for anyone looking for a stand-alone Access Control and Attendance Monitoring system where the...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
Summary Digital Signage Software. Description Input passed to the 'data' parameter in 'QH.aspx' for delete action is not properly sanitised before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using their...
JUNG Smart Visu Server 1.1.1050 Request URL Override
Summary The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with...
Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun
Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The game suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the...
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities
Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...
Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability
Summary JIRA is an issue tracking project management software for teams planning, building, and launching great products. Description JIRA suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the 'name' GET parameter in the 'deleteuserconfirm.jsp' script...
V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application is prone to a...
ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution (Backdoors)
Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection
Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
Hippo CMS 10.1 Stored Cross-Site Scripting Vulnerability
Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description Hippo CMS suffers from a stored XSS vulnerability. Input passed thru the POST parameters 'groupname' and 'description' is not sanitized allowing the attacker to...
Adobe Reader 9.3.2 (CoolType.dll) Remote Memory Corruption / DoS Vulnerability
Summary Adobe Reader software is the global standard for electronic document sharing. It is the only PDF file viewer that can open and interact with all PDF documents. Use Adobe Reader to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files. Description Adobe Reader...
JUNG Smart Panel 5.1 KNX Unauthenticated Absolute File Path Traversal
Summary The JUNG Smart Panel 5.1 KNX is a flush-mounted 5-inch touch-sensitive controller designed for managing smart building automation via the KNX system. It serves as a, intuitive, centralized interface for controlling lighting, shading, heating, and security, utilizing a 640 x 480-pixel colo...
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...
SOYAL 701Server 9.0.1 Insecure Permissions
Summary 701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E. Description T...
Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information
Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...
eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation
Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...
Eibiz i-Media Server Digital Signage 3.8.0 (createUser) Authentication Bypass (Add Admin)
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description The...
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability
Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description The vulnerability is caused due to the improper verification of uploaded files in...
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
GeniXCMS v0.0.1 Persistent Script Insertion Vulnerability
Summary GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Description Input passed to the 'cat' PO...
WampServer 2.0i (index.php) Remote Cross Site Scripting Vulnerability
Summary WampServer - Apache, PHP, MySQL on Windows. Description WampServer is susceptible to cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. An attacker may leverage any of the cross-site scripting issues to have arbitra...
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation
Summary Bring communication with your customers, guests or employees to a new level. You can design content individually and uncomplicated centrally and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...
TDM Digital Signage PC Player 4.1 Insecure File Permissions
Summary With TDM you can do a lot more than just show Digital Signage. With our Enterprise-Grade software you open the door to Interactive Signage, Analytics, Proof of Play and a lot more. Description TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability which c...
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
Summary Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitatio...
Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit
Summary The NETGEAR compact N150 classic wireless router WNR500 improves your legacy Wireless-G network. It is a simple, secure way to share your Internet connection and allows you to easily surf the Internet, use email, and have online chats. The quick, CD-less setup can be done through a web...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access
Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation
Summary The NC routers upgrades your network to the next generation of WiFi. With combined wireless speeds of up to 1750 Mbps, the device provides better speeds and wireless range. Includes 2 FXS ports for any VoIP service. If you prefer a wired connection, the NC routers have gigabit ports to...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Config Download
Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Summary KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVirc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC addicted developers around the world. Description KVIrc is prone to a remote format-string vulnerability...
SOYAL 701Client 9.0.1 Insecure Permissions
Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...
WordPress Plugin OneSignal 1.17.5 Persistent Cross-Site Scripting
Summary OneSignal is a high volume and reliable push notification service for websites and mobile applications. We support all major native and mobile platforms by providing dedicated SDKs for each platform, a RESTful server API, and an online dashboard for marketers to design and send push...
Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...
eNet SMART HOME server 2.3.1 (resetUserPassword) Account Takeover
Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...