NethServer 7.3.1611 (create.json) CSRF Create User And Enable SSH Access

Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...

Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability

Summary Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that supports two leading version control systems, Mercurial and Git, and has a web interface that is easy to use for users and admins. Description Kallithea suffers from...

Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description Mango suffers from an...

FaceSentry Access Control System 6.4.8 Remote Command Injection

Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...

TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability

Summary AP-PCLINK is the supportive software for TP03 or AP series, providing three edit modes as LADDER, IL, FBDand SFC, by which programs can be input rapidly and correctly. Every form written into the TP03 or AP series and AP-PCLINK can be monitored in the form of the data. Description The...

VUPlayer 2.49 M3U Playlist File Remote Buffer Overflow Exploit

Summary VUPlayer is a freeware multi-format audio player for Windows. Description VUPlayer 2.49 suffers from a buffer overflow vulnerability that can be exploited remotely using user interaction and/or crafting. It fails to perform adequate boundry checking of the user input file .m3u playlist,...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...

Wowza Streaming Engine 4.5.0 CSRF Add Advanced Admin Exploit

Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description The application...

Certec EDV atvise SCADA server 2.5.9 Privilege Escalation Vulnerability

Summary atvise scada is based on newest technologies and standards: The visualization in pure web technology as well as a consistent vertical object orientation based on OPC UA changes the world of process management systems. Description The application suffers from an unquoted search path issue...

Cayin Content Management Server 11.0 Root Remote Command Injection

Summary CAYIN Technology provides Digital Signage solutions, including media players, servers, and software designed for the DOOH Digital Out-of-home networks. We develop industrial-grade digital signage appliances and tailored services so you don't have to do the hard work. Description CAYIN CMS...

HomeAutomation v3.3.2 Authentication Bypass Exploit

Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...

Google Earth v5.1.3535.3218 (quserex.dll) DLL Hijacking Exploit

Summary Google Earth lets you fly anywhere on Earth to view satellite imagery, maps, terrain, 3D buildings, from galaxies in outer space to the canyons of the ocean. You can explore rich geographical content, save your toured places, and share with others. Description Google Earth suffers from a...

Emby MediaServer 3.2.5 Directory Traversal File Disclosure Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description The vulnerability was confirmed on...

SAS Integration Technologies Client 9.31_M1 (SASspk.dll) Stack-based Overflow

Summary SAS Integration Technologies provides you with software that enables you to build a secure client/server infrastructure on which to implement SAS distributed processing solutions. With SAS Integration Technologies, you can integrate SAS with other applications in your enterprise; provide...

webgrind 1.0 (file param) Local File Inclusion Vulnerability

Summary Webgrind is an Xdebug profiling web frontend in PHP5. Description webgrind suffers from a file inclusion vulnerability LFI when input passed thru the 'file' parameter to index.php is not properly verified before being used to include files. This can be exploited to include files from loca...

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...

ZKTeco ZKBioSecurity 3.0 (visLogin.jsp) Local Authorization Bypass

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

DreamBox DM500(+) Arbitrary File Download Vulnerability

Summary The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers set-top box. Description Dreambox suffers from a file download vulnerability thru directory traversal with appending the '/' character in the HTTP GET method of the affected host...

SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities

Summary SkaDate Lite is a new platform that makes it easy to start online dating business in just a few easy steps. No programming or design knowledge is required. Install the solution, pick a template, and start driving traffic to your new online dating site. Description SkaDate Lite version 2.0...

HomeAutomation v3.3.2 Stored and Reflected XSS

Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...

Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

AdaptCMS 3.0.3 Remote Command Execution Exploit

Summary AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system...

Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...

Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities

Summary This is a light weight CRM which simplifies process of managing staff, client and projects. Description Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without...

UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass

Summary Medivision is a service that provides everything from DID operation to development of DID Digital Information Display optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...

HomeAutomation v3.3.2 Open Redirect

Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...

FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit

Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...

MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit

Summary The grandMA onPC software incorporates all functions of a grandMA console and offers you its full potential on your notebook or PC. You can use grandMA onPC for running, programming or offline pre-programming, as well as a smart backup solution within the grandMA system. With the MA onPC...

Oreans Themida v2.1.8.0 TMD File Handling Buffer Overflow Vulnerability

Summary Advanced Windows software protection system, developed for software developers who wish to protect their applications against advanced reverse engineering and software cracking. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can ...

eXV² Content Management System 2.10 Remote XSS Vulnerability

Summary eXV² is a free CMS for building and operating private home pages, small and large communities and it's also easily used for small to medium business presences. Description The CMS suffers from a remote reflected Cross-Site Scripting vulnerability when input passed thru "rssfeedURL" and...

Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow PoC

Summary The Adobe® Photoshop® family of products is the ultimate playground for bringing out the best in your digital images, transforming them into anything you can imagine and showcasing them in extraordinary ways. Description Adobe Photoshop CS4 Extended suffers from a buffer overflow...

AVE DOMINAplus <=1.10.x Authentication Bypass Exploit

Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...

Option CloudGate Insecure Direct Object References Authorization Bypass

Summary The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic unit certified on all major us cellular operators CDMA/EV-DO and WCDMA/HSPA+. The CloudGate is simple to configure locally or remotely from your PC, tablet or...

WEG SuperDrive G2 v12.0.0 Insecure File Permissions

Summary SuperDrive is a Windows graph tool for parameter setting, control and monitor of WEG Drives. It permits to edit directly in the drive online parameters, or to edit offline parameter files stored in the microcomputer. It enables you to store parameters of all drives that exist in the...

IPUX CS7522/CS2330/CS2030 IP Camera (UltraHVCamX.ocx) ActiveX Stack Buffer Overflow

Summary The device is H.264 Wired/Wireless IP Camera with 1.3 Mega-pixel sensor. With high performance H.264 video compression, the file size of video stream is extremely reduced, as to optimize the network bandwidth efficiency. It has full Pan/Tilt function and 3X digital zoom feature for a larg...

Native Instruments Kontakt 4 Player NKI File Syntactic Analysis Buffer Overflow PoC

Summary KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind. Description...

Delta Industrial Automation DCISoft 1.12.09 Stack Buffer Overflow Exploit

Summary DCISoft is a integrated configuration tool of Delta network modules DVPEN01-SL, RTU-EN01, IFD9506, IFD9507, DVPSCM12-SL, DVPSCM52-SL for WINDOWS operation system. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to...

Adobe Photoshop Elements 8.0 Multiple Arbitrary Code Execution Vulnerabilities

Summary Adobe Photoshop Elements - the No.1 consumer photo editing software that helps you turn everyday memories into sensational photos you'll cherish forever. Easily edit photos and make photo creations using automated options, share photos with your social network, and view photos virtually...

Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC

Summary Recording, mixing, editing, and mastering — Adobe® Audition® 3 software is the all-in-one toolset for professional audio production. Description Adobe Audition suffers from a buffer overflow vulnerability when dealing with .SES session format file. The application failz to sanitize the us...

EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Remote Buffer Overflow PoC

Summary Do you want to learn how to draw? Now you can online! Learn how to draw like a local application with Edraw Flowchart ActiveX Control that lets you quickly build basic flowcharts, organizational charts, business charts, hr diagram, work flow, programming flowchart and network diagrams...

BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure

Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...

Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. !/usr/bin/env python...

FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities

Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from multiple stored XSS vulnerabilities. Input passed to several API POST parameters is not properly sanitised before being returned to the...

Embedthis Appweb Web Server 3.2.2-1 (Ejscript) Remote XSS Vulnerability

Summary Appweb has a multi-threaded, event-driven, core to deliver exceptional throughput, response and outstanding memory utilization. It is compact and will embed using as little as 800K of memory. Appweb is a standards-based embedded HTTP server that has a wealth of features. Description Appwe...