SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit
Summary SmartCode ServerX VNC Server control is a VNC server implemented as an ActiveX component, which makes it extremely easy for you to integrate VNC support into your Web or desktop applications. In the simplest scenario, you would add the ServerX ActiveX component to your project, place the...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution
Summary Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...
eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation
Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...
JUNG Smart Panel 5.1 KNX Unauthenticated Absolute File Path Traversal
Summary The JUNG Smart Panel 5.1 KNX is a flush-mounted 5-inch touch-sensitive controller designed for managing smart building automation via the KNX system. It serves as an intuitive, centralized interface for controlling lighting, shading, heating, and security, utilizing a 640 x 480-pixel colo...
ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution
Summary F3 packs all the power of ReQuest's multi-zone Serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The ReQuest ARQ F3 web server suffers from an unauthenticated remote...
SmartFoxServer 2X 2.17.0 Credentials Disclosure
Summary SmartFoxServer (SFS) is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...
SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution
Summary SmartFoxServer (SFS) is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...
ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability
Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system, all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
Summary VideoXpert is a video management solution designed for scalability, fitting the needs of surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description Pelco VideoXpert suffers...
Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities
Summary Oxwall is an unbelievably flexible and easy-to-use PHP/MySQL social networking software platform. Description Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests withou...
Ilevia EVE X1 Server 4.7.18.0.eden (mbus) Unauthenticated Remote Command Injection
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
Summary Soyal Access systems are built into Raytel Door Entry Systems and provide access and lift control to many buildings, from public and private apartment blocks to prestigious public buildings. Description The controller suffers from a cleartext transmission of sensitive information. Th...
Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution
Summary Mango Automation is a flexible SCADA, HMI and automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit
Summary EONU-x is a GEPON ONU layer-3 home gateway/CPE broadband router. Description The application suffers from a privilege escalation vulnerability. The limited administrative user admin:admin can elevate his/her privileges by sending an HTTP GET request to the configuration backup endpoint or the...
FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials
Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...
Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
ArticleFR 3.0.6 Multiple Script Injection Vulnerabilities
Summary A lightweight, fully featured content article / video management system. Comes with a pluggable and multiple module framework system. Description ArticleFR suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter...
ZeroCMS 1.0 (article_id) SQL Injection Vulnerability
Summary ZeroCMS is a very simple Content Management System built using PHP and MySQL. Description Input passed via the 'articleid' GET parameter to zeroviewarticle.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting...
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities
Summary Sipwise C5, also known as NGCP (the Next Generation Communication Platform), is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features (e.g. call forwarding, voicemail, conferencing etc.) that can be...
Gecko CMS 2.3 Multiple Vulnerabilities
Summary Gecko CMS is the way to go: forget complicated, bloated and slow content management systems. Gecko CMS has been built to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting with PHP and one MySQL database (Apache is a plus), browser compatibility and...
Netautor Professional 5.5.0 (goback) XSS Vulnerability
Summary Netautor Professional is an application server and development environment. Netautor Professional was developed to serve the practical needs of users, and was continuously advanced. -- Digital Workroom is a well proven and time-tested Content Management System. It's based on also...
eNet SMART HOME server 2.3.1 (resetUserPassword) Account Takeover
Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin
Summary Bring communication with your customers, guests or employees to a new level. You can design content individually, manage it centrally without complication, and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
Summary Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures. Description Input passed to the 'dl' parameter in 'install.php' script is not properly sanitised before being used to get the contents of a resource or delet...
Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution
Summary CAYIN xPost is web-based application software that offers a combination of essential tools to create rich content for digital signage in different vertical markets. It provides an easy-to-use platform for instant data entry and further extends the usage of CAYIN SMP players to meet...
exacqVision 9.8 Unquoted Service Path Privilege Escalation
Summary The exacqVision VMS (Video Management System) software records surveillance video from thousands of IP camera models and displays it on free Windows, Linux or OSX client software, a web browser or a mobile device. Description The application suffers from an unquoted search path issue impacting t...
FaceSentry Access Control System 6.4.8 Remote Root Exploit
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
Ilevia EVE X1 Server 4.7.18.0.eden Parameter Traversal Arbitrary File Access
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
SOYAL Biometric Access Control System 5.0 CSRF Change Admin Password
Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The application interface allows users to perform certain actions via HTTP reques...
CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors
Summary CERIO's DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2 High Power Wireless Access Point with built-in 10dBi patch antennas and also supports broadband wireless routing. DT-300N A4's wireless High Power design enhances the range and stability of the device's wireless signal in office and home...
Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC
Summary Nero ShowTime provides you with a high-performance software DVD player that takes you to a new dimension in DVDs. Its cinema-like sound and excellent image quality for all digital pictures make an adventure of every film! What is more, Nero ShowTime supports all DVD-Video formats and can...
eNet SMART HOME server 2.3.1 Use of Default Credentials
Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...
Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers
Summary Ignition is a powerful industrial application platform with fully integrated development tools for building SCADA, MES, and IIoT solutions. Description Remote unauthenticated attackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server...
Cimetrics BACnet Explorer 4.0 XXE Vulnerability
Summary The BACnet Explorer is a BACnet client application that helps auto-discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected...
Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...
Native Instruments Massive 1.1.4 KSD File Handling Use-After-Free Vulnerability
Summary MASSIVE is a sonic monster – the ultimate synth for basses and leads. The analog concept belies the contemporary, cutting-edge sound it generates. The high-end engine delivers pure quality, lending an undeniable virtue and character to even the most saturated of sounds. The interface is...
MySource Matrix 3.28.3 (height) Remote Reflected XSS Vulnerability
Summary MySource Matrix is a powerful Open Source Content Management System (CMS) written in PHP and is suitable for many types of organisations. Description Input passed via the "height" parameter to charmap.php is not properly sanitised before being returned to the user. This can be exploited to...
Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...
Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities
Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...
Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure
Summary Drive production profitability with Fiery servers and workflow products. See which Fiery digital front end is right for your current or future print engines and business needs. Manage all your printers from a single screen using this intuitive print job management interface. Description...
HomeAutomation v3.3.2 CSRF Remote Command Execution (PHP Reverse Shell) PoC
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and, besides TellStick, it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root Exploit
Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot (DoS)
Summary JT3500V is an advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation
Summary Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Blu-ray player, games console or mobile phone) on your connected home network. Description The application suffers from an unquoted search path issue impacting...
eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion
Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution
Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
NS International Train Tickets v7.31.4 Reflected XSS Vulnerability
Summary NS International Train Tickets is a web application used by NS International (Dutch railways) to search for, plan, book and buy train tickets for international travel from the Netherlands. Description The NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable t...
OsiriX Web Portal 8.0.1 DOM Based XSS
Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...
Mango Automation 2.6.0 CSRF Arbitrary Command Execution Exploit
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The POST parameter 'c0-param0...
Operation Technology ETAP 14.1.0 Local Privilege Escalation
Summary Enterprise Software Solution for Electrical Power Systems. ETAP is the most comprehensive electrical engineering software platform for the design, simulation, operation, and automation of generation, transmission, distribution, and industrial systems. As a fully integrated model-driven...