Lucene search
K
ZeroscienceMost viewed

1109 matches found

Zero Science Lab
Zero Science Lab
added 2020/09/30 12:0 a.m.173 views

SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit

Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/14 12:0 a.m.171 views

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials

Summary Designed with simplicity in mind, TP-LINK's Cloud Cameras are a fast and trouble free way to keep track on what's going on in and around your home. Video monitoring, recording and sharing has never been easier with the use of TP-LINK’s Cloud service. The excitement of possibilities never...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/04/08 12:0 a.m.170 views

Hikvision Digital Video Recorder Cross-Site Request Forgery

Summary Hikvision is the global leader of video surveillance products and solutions, manufactures a wide range of top-quality, reliable, and professional solutions. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity chec...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/05/22 12:0 a.m.169 views

ABB Cylon Aspect 3.08.03 (projectUpdateBSXFileProcess.php) Remote Guest2Root Exploit

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is vulnerable to code execution and sudo...

6.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2025/11/06 12:0 a.m.168 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

9.8CVSS6AI score0.07449EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2020/09/30 12:0 a.m.168 views

SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal

Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/02/12 12:0 a.m.164 views

JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown

Summary The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with...

8.7CVSS5.8AI score0.01784EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2020/02/15 12:0 a.m.164 views

Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak Exploit

Summary The Centaur digital recorder is a portable geophysical sensing acquisition system that consists of a high-resolution 24-bit ADC, a precision GNSS-based clock, and removable storage capabilities. Its ease of use simplifies high performance geophysical sensing deployments in both remote and...

7.5CVSS7.2AI score0.74881EPSS
Exploits16
Zero Science Lab
Zero Science Lab
added 2014/10/12 12:0 a.m.164 views

Croogo 2.0.0 Multiple Stored XSS Vulnerabilities

Summary Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MVC framework. Description Croogo version 2.0.0 suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST parameters is not...

4.3CVSS5.9AI score0.0425EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/10/18 12:0 a.m.163 views

ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The unprotected web management server is vulnerable to sensitive...

8.7CVSS5.8AI score0.00327EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/12/13 12:0 a.m.162 views

Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control

Summary CLOKI is the pre-installed application on our terminals that provides simple to use access control management and attendance monitoring using any browser IE, Chrome, Firefox, etc.. It is suited for anyone looking for a stand-alone Access Control and Attendance Monitoring system where the...

5.1CVSS5.8AI score0.00176EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/08/13 12:0 a.m.162 views

QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion

Summary Digital Signage Software. Description Input passed to the 'data' parameter in 'QH.aspx' for delete action is not properly sanitised before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using their...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/02/12 12:0 a.m.160 views

JUNG Smart Visu Server 1.1.1050 Request URL Override

Summary The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with...

8.8CVSS5.9AI score0.00496EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/04/30 12:0 a.m.160 views

Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun

Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The game suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the...

9.3CVSS7.8AI score0.02076EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/09/30 12:0 a.m.159 views

SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure

Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/10/22 12:0 a.m.159 views

Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities

Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...

7.2CVSS7.3AI score0.02193EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2013/08/06 12:0 a.m.159 views

Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability

Summary JIRA is an issue tracking project management software for teams planning, building, and launching great products. Description JIRA suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the 'name' GET parameter in the 'deleteuserconfirm.jsp' script...

4.3CVSS6.1AI score0.02147EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2019/09/26 12:0 a.m.157 views

V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation

Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...

9.8CVSS5.8AI score0.00313EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.156 views

Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application is prone to a...

3.5CVSS6AI score0.01747EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.154 views

ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

5.3CVSS5.8AI score0.00207EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.153 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution (Backdoors)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.153 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/30 12:0 a.m.153 views

Hippo CMS 10.1 Stored Cross-Site Scripting Vulnerability

Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description Hippo CMS suffers from a stored XSS vulnerability. Input passed thru the POST parameters 'groupname' and 'description' is not sanitized allowing the attacker to...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/06/29 12:0 a.m.153 views

Adobe Reader 9.3.2 (CoolType.dll) Remote Memory Corruption / DoS Vulnerability

Summary Adobe Reader software is the global standard for electronic document sharing. It is the only PDF file viewer that can open and interact with all PDF documents. Use Adobe Reader to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files. Description Adobe Reader...

9.3CVSS5.8AI score0.13008EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2026/02/10 12:0 a.m.152 views

JUNG Smart Panel 5.1 KNX Unauthenticated Absolute File Path Traversal

Summary The JUNG Smart Panel 5.1 KNX is a flush-mounted 5-inch touch-sensitive controller designed for managing smart building automation via the KNX system. It serves as a, intuitive, centralized interface for controlling lighting, shading, heating, and security, utilizing a 640 x 480-pixel colo...

6.9CVSS7.4AI score0.00703EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/12/02 12:0 a.m.152 views

Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

6.1CVSS5.9AI score0.0048EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.150 views

SOYAL 701Server 9.0.1 Insecure Permissions

Summary 701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E. Description T...

8.8CVSS7.2AI score0.01866EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.150 views

Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information

Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...

6.9CVSS6.9AI score0.01994EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2026/02/14 12:0 a.m.149 views

eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation

Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...

9.8CVSS5.8AI score0.00637EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/08/21 12:0 a.m.149 views

Eibiz i-Media Server Digital Signage 3.8.0 (createUser) Authentication Bypass (Add Admin)

Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description The...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/30 12:0 a.m.149 views

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

9.8CVSS6.2AI score0.0078EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2013/02/13 12:0 a.m.149 views

OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability

Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description The vulnerability is caused due to the improper verification of uploaded files in...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/04/23 12:0 a.m.148 views

Sipwise C5 NGCP CSC CSRF Click2Dial Exploit

Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...

8.8CVSS7.3AI score0.00926EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.148 views

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

4.3CVSS5.7AI score0.07973EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2025/10/16 12:0 a.m.147 views

Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

6.1CVSS6.1AI score0.0038EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2015/03/10 12:0 a.m.147 views

GeniXCMS v0.0.1 Persistent Script Insertion Vulnerability

Summary GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Description Input passed to the 'cat' PO...

4.3CVSS6.1AI score0.05358EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2010/02/22 12:0 a.m.147 views

WampServer 2.0i (index.php) Remote Cross Site Scripting Vulnerability

Summary WampServer - Apache, PHP, MySQL on Windows. Description WampServer is susceptible to cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. An attacker may leverage any of the cross-site scripting issues to have arbitra...

4.3CVSS5.8AI score0.01734EPSS
Exploits4
Zero Science Lab
Zero Science Lab
added 2020/07/31 12:0 a.m.146 views

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation

Summary Bring communication with your customers, guests or employees to a new level. You can design content individually and uncomplicated centrally and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...

8.5CVSS5.9AI score0.00318EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/10/26 12:0 a.m.145 views

TDM Digital Signage PC Player 4.1 Insecure File Permissions

Summary With TDM you can do a lot more than just show Digital Signage. With our Enterprise-Grade software you open the door to Interactive Signage, Analytics, Proof of Play and a lot more. Description TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability which c...

8.8CVSS5.8AI score0.00225EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/09/06 12:0 a.m.145 views

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation

Summary Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitatio...

6.8CVSS6.6AI score0.00288EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2014/11/21 12:0 a.m.145 views

Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit

Summary The NETGEAR compact N150 classic wireless router WNR500 improves your legacy Wireless-G network. It is a simple, secure way to share your Internet connection and allows you to easily surf the Internet, use email, and have online chats. The quick, CD-less setup can be done through a web...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.144 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/10 12:0 a.m.144 views

NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation

Summary The NC routers upgrades your network to the next generation of WiFi. With combined wireless speeds of up to 1750 Mbps, the device provides better speeds and wireless range. Includes 2 FXS ports for any VoIP service. If you prefer a wired connection, the NC routers have gigabit ports to...

8.7CVSS5.7AI score0.00266EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.143 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Config Download

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2008/10/24 12:0 a.m.143 views

KVIrc 3.4.0 Virgo Remote Format String Exploit PoC

Summary KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVirc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC addicted developers around the world. Description KVIrc is prone to a remote format-string vulnerability...

7.6CVSS6.2AI score0.08158EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.142 views

SOYAL 701Client 9.0.1 Insecure Permissions

Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...

8.8CVSS7.3AI score0.01866EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2019/07/18 12:0 a.m.141 views

WordPress Plugin OneSignal 1.17.5 Persistent Cross-Site Scripting

Summary OneSignal is a high volume and reliable push notification service for websites and mobile applications. We support all major native and mobile platforms by providing dedicated SDKs for each platform, a RESTful server API, and an online dashboard for marketers to design and send push...

5.4CVSS6.4AI score0.01063EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/07/12 12:0 a.m.139 views

Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/02/24 12:0 a.m.138 views

Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

9.8CVSS5.8AI score0.00716EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2026/02/14 12:0 a.m.138 views

eNet SMART HOME server 2.3.1 (resetUserPassword) Account Takeover

Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...

8.8CVSS6AI score0.00529EPSS
Exploits2
Total number of security vulnerabilities1109