Lucene search
K
ZeroscienceMost viewed

1109 matches found

Zero Science Lab
Zero Science Lab
added 2025/10/16 12:0 a.m.138 views

Ilevia EVE X1 Server 4.7.18.0.eden (mbus) Unauthenticated Remote Command Injection

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

9.8CVSS6.1AI score0.07616EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2014/07/17 12:0 a.m.138 views

Omeka 2.2 CSRF And Stored XSS Vulnerability

Summary Omeka is a free, flexible, and open source web-publishing platform for the display of library, museum, archives, and scholarly collections and exhibitions. Its 'five-minute setup' makes launching an online exhibition as easy as launching a blog. Description Omeka version 2.2 suffers from ...

6.8CVSS6AI score0.02466EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/06/21 12:0 a.m.137 views

Lunar CMS 3.3 CSRF And Stored XSS Vulnerability

Summary Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so popular PHP5 & MySQL. Description Lunar CMS suffers from a cross-site request forgery and a stored xss vulnerabilities. The application allows users to perform certain...

6.8CVSS6AI score0.02305EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2013/06/07 12:0 a.m.137 views

Resin Application Server 4.0.36 Source Code Disclosure Vulnerability

Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description The vulnerability is caused do to an improper sanitization of the 'fil...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/02/12 12:0 a.m.135 views

Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation

Summary BACstac belongs to product BACstacTM Networking Software and was developed by company Cimetrics Inc. Cimetrics is excited to announce a new version of our industry-leading BACnet protocol stack: BACstac 6.8. The Cimetrics BACstac saves man-years of development when your company needs to...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/13 12:0 a.m.135 views

SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit

Summary SmartCode ServerX VNC Server control is a VNC server implemented as an ActiveX component, which makes it extremely easy for you to integrate VNC support into your Web or desktop applications. In the simplest scenario, you would add the ServerX ActiveX component to your project, place the...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/02/14 12:0 a.m.134 views

eNet SMART HOME server 2.3.1 Use of Default Credentials

Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...

9.8CVSS5.8AI score0.00652EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.134 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...

9.3CVSS6.5AI score0.0309EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/10/18 12:0 a.m.133 views

ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution

Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The ReQuest ARQ F3 web server suffers from an unauthenticated remote...

9.3CVSS6.4AI score0.00628EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.132 views

ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability

Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...

7.2CVSS6.1AI score0.00259EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2025/10/16 12:0 a.m.130 views

Ilevia EVE X1 Server 4.7.18.0.eden Parameter Traversal Arbitrary File Access

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

8.7CVSS5.9AI score0.00613EPSS
Exploits4
Zero Science Lab
Zero Science Lab
added 2021/02/07 12:0 a.m.130 views

SmartFoxServer 2X 2.17.0 Credentials Disclosure

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

5.5CVSS6AI score0.00369EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2021/02/07 12:0 a.m.130 views

SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

8.8CVSS7.6AI score0.02609EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.130 views

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...

6.5CVSS6.1AI score0.0129EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2014/07/28 12:0 a.m.130 views

Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities

Summary Oxwall is unbelievably flexible and easy to use PHP/MySQL social networking software platform. Description Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored xss vulnerabilities. The application allows users to perform certain actions via HTTP requests withou...

6.8CVSS6AI score0.02425EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2026/02/24 12:0 a.m.129 views

Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

8.7CVSS5.8AI score0.00807EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2026/02/14 12:0 a.m.129 views

eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion

Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...

8.1CVSS6AI score0.00373EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.129 views

FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

9.3CVSS7.2AI score0.00282EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.129 views

Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal

Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description Pelco VideoXpert suffers...

5.8CVSS6.6AI score0.04612EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/04/01 12:0 a.m.128 views

ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit

Summary EONU-x GEPON ONU layer-3 home gateway/CPE broadband router. Description The application suffers from a privilege escalation vulnerability. The limited administrative user admin:admin can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the...

8.7CVSS5.8AI score0.00247EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.128 views

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The controller suffers from a cleartext transmission of sensitive information. Th...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/07/12 12:0 a.m.128 views

Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/09/17 12:0 a.m.128 views

Netautor Professional 5.5.0 (goback) XSS Vulnerability

Summary Netautor Professional is an application server and development environment. Netautor Professional was developed to serve the practical needs of users, and was continuously advanced. -- Digital Workroom is a well proven and time-tested Content Management System. Its based on also...

4.3CVSS6.1AI score0.01689EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/04/23 12:0 a.m.127 views

Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities

Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...

5.4CVSS6.2AI score0.01123EPSS
Exploits3
Zero Science Lab
Zero Science Lab
added 2015/07/13 12:0 a.m.127 views

ArticleFR 3.0.6 Multiple Script Injection Vulnerabilities

Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description ArticleFR suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter...

4.3CVSS6AI score0.03308EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/06/09 12:0 a.m.127 views

ZeroCMS 1.0 (article_id) SQL Injection Vulnerability

Summary ZeroCMS is a very simple Content Management System built using PHP and MySQL. Description Input passed via the 'articleid' GET parameter to zeroviewarticle.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting...

7.5CVSS6AI score0.0625EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2015/01/12 12:0 a.m.126 views

Gecko CMS 2.3 Multiple Vulnerabilities

Summary Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting PHP and one MySQL database, Apache is a plus, browser compatibility and...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2013/02/18 12:0 a.m.125 views

Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability

Summary Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures. Description Input passed to the 'dl' parameter in 'install.php' script is not properly sanitised before being used to get the contents of a resource or delet...

4CVSS5.9AI score0.56011EPSS
Exploits11
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.124 views

SOYAL Biometric Access Control System 5.0 CSRF Change Admin Password

Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The application interface allows users to perform certain actions via HTTP reques...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2020/07/31 12:0 a.m.124 views

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin

Summary Bring communication with your customers, guests or employees to a new level. You can design content individually and uncomplicated centrally and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2020/06/04 12:0 a.m.124 views

Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution

Summary CAYIN xPost is the web-based application software, which offers a combination of essential tools to create rich contents for digital signage in different vertical markets. It provides an easy-to-use platform for instant data entry and further extends the usage of CAYIN SMP players to meet...

10CVSS7.6AI score0.14014EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2019/03/18 12:0 a.m.124 views

exacqVision 9.8 Unquoted Service Path Privilege Escalation

Summary The exacqVision VMS Video Management System software records surveillance video from thousands of IP camera models and displays on a free Windows, Linux or OSX client software, web browser or mobile device. Description The application suffers from an unquoted search path issue impacting t...

7.8CVSS7.3AI score0.00825EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2019/06/30 12:0 a.m.122 views

FaceSentry Access Control System 6.4.8 Remote Root Exploit

Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...

9CVSS7.6AI score0.05242EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.121 views

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/02/16 12:0 a.m.120 views

Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers

Summary Ignition is a powerful industrial application platform with fully integrated development tools for building SCADA, MES, and IIoT solutions. Description Remote unauthenticated atackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server...

7.5CVSS7.3AI score0.74881EPSS
Exploits16
Zero Science Lab
Zero Science Lab
added 2017/05/28 12:0 a.m.119 views

CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors

Summary CERIO's DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2 High Power Wireless Access Point with built-in 10dBi patch antennas and also supports broadband wireless routing. DT-300N A4's wireless High Power design enhances the range and stability of the device's wireless signal in office and home...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2008/11/24 12:0 a.m.119 views

Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC

Summary Nero ShowTime provides you with a high-performance software DVD player that takes you to a new dimension in DVD's. Its cinema-like sound and excellent image quality for all digital pictures make an adventure of every film! What is more, Nero ShowTime supports all DVD-Video formats and can...

9.3CVSS6.2AI score0.05757EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/02/12 12:0 a.m.118 views

Cimetrics BACnet Explorer 4.0 XXE Vulnerability

Summary The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/09/06 12:0 a.m.116 views

MySource Matrix 3.28.3 (height) Remote Reflected XSS Vulnerability

Summary MySource Matrix is a powerful Open Source Content Management System CMS written in PHP and is suitable for many types of organisations. Description Input passed via the "height" parameter to charmap.php is not properly sanitised before being returned to the user. This can be exploited to...

4.3CVSS6.1AI score0.0173EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.115 views

Native Instruments Massive 1.1.4 KSD File Handling Use-After-Free Vulnerability

Summary MASSIVE is a sonic monster – the ultimate synth for basses and leads. The analog concept belies the contemporary, cutting-edge sound it generates. The high-end engine delivers pure quality, lending an undeniable virtue and character to even the most saturated of sounds. The interface is...

6.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.113 views

FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root Exploit

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

9.8CVSS6.2AI score0.1064EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2019/12/29 12:0 a.m.112 views

HomeAutomation v3.3.2 CSRF Remote Command Execution (PHP Reverse Shell) PoC

Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...

8.5CVSS7.6AI score0.01059EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.112 views

Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure

Summary Drive production profitability with Fiery servers and workflow products. See which Fiery digital front end is right for your current or future print engines and business needs. Manage all your printers from a single screen using this intuitive print job management interface. Description...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.110 views

Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application suffers from an unquoted search path issue impacting...

8.5CVSS7.6AI score0.00141EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.109 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot (DoS)

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.108 views

OsiriX Web Portal 8.0.1 DOM Based XSS

Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/02/04 12:0 a.m.107 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution

Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...

9.4CVSS6.2AI score0.01763EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/12/24 12:0 a.m.107 views

NS International Train Tickets v7.31.4 Reflected XSS Vulnerability

Summary NS International Train Tickets is a web application that is used by NS International Dutch railways to manage search, book, plan, buy train tickets for international travels from the Netherlands. Description NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable t...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2009/01/22 12:0 a.m.106 views

FTPShell Server 4.3 (licence key) Remote Buffer Overflow PoC

Summary FTPShell server is a windows FTP service that enables remote file downloads and uploads. It supports regular and secure FTP based on both SSL/TLS and SSH2. It is also extremely easy to configure and use. Description FTPShell Server 4.3 suffers from buffer overflow vulnerability that can b...

9.3CVSS5.9AI score0.05859EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.104 views

Mango Automation 2.6.0 User Enumeration Weakness

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The weakness is caused due to...

5CVSS5.8AI score0.03498EPSS
Exploits1
Total number of security vulnerabilities1109