SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
ABB Cylon Aspect 3.08.03 (projectUpdateBSXFileProcess.php) Remote Guest2Root Exploit
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is vulnerable to code execution and sudo...
Croogo 2.0.0 Multiple Stored XSS Vulnerabilities
Summary Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MVC framework. Description Croogo version 2.0.0 suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST parameters is not...
ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure
Summary F3 packs all the power of ReQuest's multi-zone Serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The unprotected web management server is vulnerable to sensitive...
Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak Exploit
Summary The Centaur digital recorder is a portable geophysical sensing acquisition system that consists of a high-resolution 24-bit ADC, a precision GNSS-based clock, and removable storage capabilities. Its ease of use simplifies high performance geophysical sensing deployments in both remote and...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
Summary Digital Signage Software. Description Input passed to the 'data' parameter in 'QH.aspx' for delete action is not properly sanitised before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using their...
Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control
Summary CLOKI is the pre-installed application on our terminals that provides simple to use access control management and attendance monitoring using any browser IE, Chrome, Firefox, etc.. It is suited for anyone looking for a stand-alone Access Control and Attendance Monitoring system where the...
Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion
Summary Streamlabs Desktop is a free streaming and recording software, built on OBS Studio, for content creators to stream live to platforms like Twitch, YouTube, and Facebook. It is designed to be beginner-friendly and offers tools for creating engaging streams, such as customizable overlays,...
Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun
Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The game suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the...
Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities
Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...
SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
Atlassian JIRA v6.0.3 Arbitrary HTML/Script Execution Vulnerability
Summary JIRA is an issue tracking project management software for teams planning, building, and launching great products. Description JIRA suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the 'name' GET parameter in the 'deleteuserconfirm.jsp' script...
Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability
Summary Mango Automation is a flexible SCADA, HMI and Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application is prone to a...
ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
Hippo CMS 10.1 Stored Cross-Site Scripting Vulnerability
Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description Hippo CMS suffers from a stored XSS vulnerability. Input passed through the POST parameters 'groupname' and 'description' is not sanitized, allowing the attacker to...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution (Backdoors)
Summary JT3500V is the most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product, specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
Adobe Reader 9.3.2 (CoolType.dll) Remote Memory Corruption / DoS Vulnerability
Summary Adobe Reader software is the global standard for electronic document sharing. It is the only PDF file viewer that can open and interact with all PDF documents. Use Adobe Reader to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files. Description Adobe Reader...
Tattile Cameras 1.181.5 Use of Default Credentials
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection
Summary JT3500V is the most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product, specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information
Summary VideoXpert is a video management solution designed for scalability, fitting the needs of surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
JUNG Smart Visu Server 1.1.1050 Remote Server Shutdown
Summary The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with...
SOYAL 701Server 9.0.1 Insecure Permissions
Summary 701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E. Description T...
OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability
Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description The vulnerability is caused due to the improper verification of uploaded files in...
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
Eibiz i-Media Server Digital Signage 3.8.0 (createUser) Authentication Bypass (Add Admin)
Summary EIBIZ develops an advertising platform for out-of-home media, which at that time the world called "Digital Signage", because most business customers still need to go outside to get in touch with products and services; online media alone cannot serve them at the right place and the right time. Description The...
Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
WampServer 2.0i (index.php) Remote Cross Site Scripting Vulnerability
Summary WampServer - Apache, PHP, MySQL on Windows. Description WampServer is susceptible to a cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. An attacker may leverage any of the cross-site scripting issues to have arbitra...
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation
Summary Bring communication with your customers, guests or employees to a new level. You can design content individually and without complication, centrally, and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...
GeniXCMS v0.0.1 Persistent Script Insertion Vulnerability
Summary GeniXCMS is a PHP-based Content Management System and Framework (CMSF). It is a simple and lightweight CMSF, well suited to intermediate and advanced PHP developers. Some manual configuration is needed to make this application work. Description Input passed to the 'cat' PO...
JUNG Smart Visu Server 1.1.1050 Request URL Override
Summary The Smart Visu Server makes your intelligent building control convenient. With the user-friendly operating concept, you can control both the KNX system and other systems such as Philips Hue or Sonos on your mobile devices. You can likewise connect voice control to your KNX system with...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-coded Credentials Shell Access
Summary JT3500V is the most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product, specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access Exploit
Summary The NETGEAR compact N150 classic wireless router WNR500 improves your legacy Wireless-G network. It is a simple, secure way to share your Internet connection and allows you to easily surf the Internet, use email, and have online chats. The quick, CD-less setup can be done through a web...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Config Download
Summary JT3500V is the most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product, specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation
Summary The NC routers upgrade your network to the next generation of WiFi. With combined wireless speeds of up to 1750 Mbps, the device provides better speeds and wireless range. It includes 2 FXS ports for any VoIP service. If you prefer a wired connection, the NC routers have gigabit ports to...
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
Summary Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitatio...
SOYAL 701Client 9.0.1 Insecure Permissions
Summary 701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things. Description The application...
TDM Digital Signage PC Player 4.1 Insecure File Permissions
Summary With TDM you can do a lot more than just show Digital Signage. With our Enterprise-Grade software you open the door to Interactive Signage, Analytics, Proof of Play and a lot more. Description TDM Digital Signage Windows Player suffers from an elevation of privileges vulnerability which c...
WordPress Plugin OneSignal 1.17.5 Persistent Cross-Site Scripting
Summary OneSignal is a high volume and reliable push notification service for websites and mobile applications. We support all major native and mobile platforms by providing dedicated SDKs for each platform, a RESTful server API, and an online dashboard for marketers to design and send push...
KVIrc 3.4.0 Virgo Remote Format String Exploit PoC
Summary KVIrc is a free portable IRC client based on the excellent Qt GUI toolkit. KVIrc is being written by Szymon Stefanek and the KVIrc Development Team with the contribution of many IRC-addicted developers around the world. Description KVIrc is prone to a remote format-string vulnerability...
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...
Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass
Summary H64xx consists of one G-PON uplink port and four Gigabit Ethernet downlink ports supporting 10/100/1000Base-T RJ45. It helps service providers extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Omeka 2.2 CSRF And Stored XSS Vulnerability
Summary Omeka is a free, flexible, and open source web-publishing platform for the display of library, museum, archives, and scholarly collections and exhibitions. Its 'five-minute setup' makes launching an online exhibition as easy as launching a blog. Description Omeka version 2.2 suffers from ...
Resin Application Server 4.0.36 Source Code Disclosure Vulnerability
Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description The vulnerability is caused due to improper sanitization of the 'fil...
Lunar CMS 3.3 CSRF And Stored XSS Vulnerability
Summary Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so popular PHP5 & MySQL. Description Lunar CMS suffers from cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain...
Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation
Summary BACstac belongs to the BACstac™ Networking Software product and was developed by Cimetrics Inc. Cimetrics is excited to announce a new version of our industry-leading BACnet protocol stack: BACstac 6.8. The Cimetrics BACstac saves man-years of development when your company needs to...