STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description Input passed to the POST parameter 'files' is not properly sanitised...

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

WEMS BEMS 21.3.1 Undocumented Backdoor Account

Summary We WEMS offer the world's first fully wireless energy management system. Our solution enables your organization to take control of its energy costs, by monitoring lighting, heating and air conditioning equipment to identify wastage across multiple sites and start saving money instantly...

WEMS Enterprise Manager 2.58 (email) Reflected XSS

Summary WEMS Enterprise Manager is a centralised management and monitoring system for many WEMS equipped sites. It retrieves and stores data to enable energy analysis at an enterprise wide level. It is designed to give global visibility of the key areas that affect a buildings' environmental and...

SOCA Access Control System 180612 SQL Injection And Authentication Bypass

Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...

BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure

Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description Insecure direct object references occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attacke...

EduSec 4.2.5 Multiple SQL Injection Vulnerabilities

Summary EduSec has a suite of selective modules specifically tailored to the requirements of education industry. EduSec is engineered and designed considering wide range of management functions within the university. With the use of EduSec, staff can be more accountable as it helps to know the...

TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability

Summary TP3-PCLINK Software is the supportive software for TP03, providing three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input rapidly and correctly. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited ...

AVE DOMINAplus <=1.10.x Unauthenticated Remote Reboot

Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...

Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution

Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description Microweber suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due t...

AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability

Summary AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system...

IPUX Cube Type CS303C IP Camera (UltraMJCamX.ocx) ActiveX Stack Buffer Overflow

Summary The device is Day and Night Cube Network camera with CMOS sensor. With Motion JPEG video compression, the file size of video stream is extremely reduced, as to optimize the network bandwidth efficiency. It has 3X digital zoom feature for a larger space monitoring. The ICS303C comes with a...

HomeAutomation v3.3.2 CSRF Add Admin Exploit

Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...

OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability

Summary OpenWGA is an advanced open source java based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more. Description OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being...

Crouzet em4 soft 1.1.04 Integer Division By Zero

Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement the smartest automation applications. Description em4 soft suffers from a division by zero attack when handling Crouzet Logic Software Document '.pm4'...

BlueControl 3.5 SR5 Insecure Library Loading Arbitrary Code Execution

Summary Engineering Tool for West Pro Series of controllers KS20-1, KS92-1, TB40-1, KS800, KS816, Dig280-1, KS vario, CI45, KS45, SG45, TB45, RL400, Pro96, CAL4600. Description BlueControl suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries...

Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities

Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...

Croogo 2.0.0 Arbitrary PHP Code Execution Exploit

Summary Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MVC framework. Description Croogo suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded...

AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)

Summary AutoPlay is a shareware application used for making autorun.ini files that can be edited and stored to compact disks. Description The program suffers from a buffer overflow vulnerability when openinng autorun file .ini, as a result of adding extra bytes to parts of the edited file, giving...

Nullsoft Winamp 5.581 (wnaspi32.dll) DLL Hijacking Exploit

Summary Winamp is a media player for Windows-based PCs, written by Nullsoft, now a subsidiary of AOL. It is proprietary freeware/shareware, multi-format, extensible with plug-ins and skins, and is noted for its graphical sound visualization, playlist, and media library features. Description Winam...

AIMP 2.51 build 330 (ID3v1/ID3v2 Tag) Remote Stack Buffer Overflow PoC (SEH)

Summary Freeware audio player. Description AIMP version 2.51 build 330 suffers from a stack based buffer overflow vulnerability that can be exploited via malicious media file that supports ID3 tags mp3. EIP and ECX registers gets overwritten, including the SE handler and the pointer to the next S...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application is vulnerable to a DOM-based cross-site scripting. Da...

NUUO Backdoor (strong_user.php) Remote Shell Access

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability

Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description XXE XML External Entity processing through upload of SVG images in the CMS, and through XML import in the CMS Console application. Hippo CMS 10.1 XML External Enti...

SimpleRisk v20170416-001 Reflected XSS Vulnerabilities

Summary SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic...

Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability

Summary Hotaru CMS is an open source, PHP platform for building your own websites. With flexible plugins and themes, you can make any site you like. Description The CMS suffers from multiple XSS vulnerabilities. Input thru the POST parameters 'SITENAME' stored, 'return' reflected and the GET...

RED-V Super Digital Signage System RXV-A740R Log Information Disclosure

Summary RED-V Super Digital Signage transforms simple screens into customized TV channels, delivering audiovisual communication as immersive user experiences. It is the final blending of years of know-how in multimedia, mobile and web experience, tablet and multimedia server design. Description T...

Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description Wowza Streaming...

GeniXCMS v0.0.1 CSRF Add Admin Exploit

Summary GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Description The application allows users...

Snowfox CMS v1.0 CSRF Add Admin Exploit

Summary Snowfox is an open source Content Management System CMS that allows your website users to create and share content based on permission configurations. Description Snowfox CMS suffers from a cross-site request forgery vulnerabilities. The application allows users to perform certain actions...

Oxwall 1.7.0 Remote Code Execution Exploit

Summary Oxwall is unbelievably flexible and easy to use PHP/MySQL social networking software platform. Description Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thr...

Mindjet MindManager 2012 v10.0.493 Multiple Remote Vulnerabilities

Summary An intuitive visual framework that fosters clarity, innovative thinking & communication to improve business results. Description MindManager suffers from several vulnerabilities included into the whole package. Several OCX and DLL libraries from 3rd party software glg.ocx,...

CultBooking 2.0.4 (cultbooking.php) Multiple XSS/PD Vulnerabilities

Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking Hotel Booking...

Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities

Summary Carlo Gavazzi is an international company that develops, manufactures and sells electrical automation components. Our products are used in industrial automation and real estate automation. Smart-house is based on a system that we have developed and produced since 1986, mainly for...

Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit

Summary Soitec power plants are a profitable and ecological investment at the same time. Using Concentrix technology, Soitec offers a reliable, proven, cost-effective and bankable solution for energy generation in the sunniest regions of the world. The application shows how Concentrix technology...

CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities

Summary CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. Description CMSLogik...

phpList 2.10.17 Remote SQL Injection and XSS Vulnerability

Summary phplist is the world's most popular open source email campaign manager. phplist is free to download, install and use, and is easy to integrate with any website. phplist is downloaded more than 10,000 times per month. Description Input passed via the parameter 'sortby' is not properly...

Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities

Summary Infor® CRM, formerly Saleslogix, is an award-winning customer relationship management CRM solution that provides a complete view of customer interactions, so your business can collaborate and respond promptly and knowledgably to customer inquiries, sales opportunities, and service request...

Baumer VeriSens Application Suite 2.6.2 Buffer Overflow Vulnerability

Summary The Baumer Application Suite is the intuitive configuration software for VeriSens vision sensors, which makes it quick and simple for even new users to implement image processing tasks. Starting with the creation of test tasks through to the management of jobs, the program will take you...

ACE Stream Media 2.1 (acestream://) Format String Exploit PoC

Summary Ace Stream is an innovative multimedia platform of a new generation, which includes different products and solutions for ordinary Internet users as well as for professional members of the multimedia market. Ace Stream uses in its core, P2P peer-to-peer technology, BitTorrent protocol, whi...

Lightweight Music Server (LMS) 3.76.0 (metadata) Stored XSS

Summary LMS Lightweight Music Server: A specific C++ based project focused on a low memory footprint, featuring built-in user management and a recommendation engine. Description LMS stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders...

Intel Modular Server System 10.18 CSRF Change Admin Password Exploit

Summary The Intel Modular Server System is a blade system manufactured by Intel using their own motherboards and processors. The Intel Modular Server System consists of an Intel Modular Server Chassis, up to six diskless Compute Blades, an integrated storage area network SAN, and three to five...

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST paramete...

ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE

Summary A full featured DICOM server has been developed based on the public domain UCDMC DICOM code. Some possible applications of the Conquest DICOM software are: DICOM training and testing; Demonstration image archives; Image format conversion from a scanner with DICOM network access; DICOM ima...

Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution

Summary DAQMaster is comprehensive device management program that can be used with Autonics thermometers, panel meters, pulse meters, and counters, etc and with Konics recorders, indicators. DAQMaster provides GUI control for easy and convenient management of parameters and multiple device data...

up.time 7.5.0 Upload And Execute File Exploit

Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF,...

Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation

Summary Uplay PC is a desktop client which replaces individual game launchers previously used for Ubisoft games. With Uplay PC, you have all your Uplay enabled games and Uplay services in the same place and you get access to a whole new set of features for your PC games. Description Uplay for PC...