Lucene search
K
ZeroscienceMost viewed

1109 matches found

Zero Science Lab
Zero Science Lab
added 2019/12/29 12:0 a.m.73 views

WEMS Enterprise Manager 2.58 (email) Reflected XSS

Summary WEMS Enterprise Manager is a centralised management and monitoring system for many WEMS equipped sites. It retrieves and stores data to enable energy analysis at an enterprise wide level. It is designed to give global visibility of the key areas that affect a buildings' environmental and...

6.1CVSS6.6AI score0.00805EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2019/05/13 12:0 a.m.73 views

SOCA Access Control System 180612 SQL Injection And Authentication Bypass

Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...

9.3CVSS6AI score0.00354EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.73 views

FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

8.7CVSS5.8AI score0.00422EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.73 views

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application is vulnerable to a DOM-based cross-site scripting. Da...

6.1CVSS5.8AI score0.00238EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/02/14 12:0 a.m.73 views

Delta Industrial Automation DCISoft 1.12.09 Stack Buffer Overflow Exploit

Summary DCISoft is a integrated configuration tool of Delta network modules DVPEN01-SL, RTU-EN01, IFD9506, IFD9507, DVPSCM12-SL, DVPSCM52-SL for WINDOWS operation system. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/05/12 12:0 a.m.73 views

Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC

Summary Recording, mixing, editing, and mastering — Adobe® Audition® 3 software is the all-in-one toolset for professional audio production. Description Adobe Audition suffers from a buffer overflow vulnerability when dealing with .SES session format file. The application failz to sanitize the us...

9.3CVSS6.3AI score0.13711EPSS
Exploits7
Zero Science Lab
Zero Science Lab
added 2010/04/22 12:0 a.m.73 views

EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Remote Buffer Overflow PoC

Summary Do you want to learn how to draw? Now you can online! Learn how to draw like a local application with Edraw Flowchart ActiveX Control that lets you quickly build basic flowcharts, organizational charts, business charts, hr diagram, work flow, programming flowchart and network diagrams...

6.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.72 views

Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. !/usr/bin/env python...

8.7CVSS5.8AI score0.00706EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2015/01/05 12:0 a.m.72 views

AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability

Summary AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system...

5.8CVSS5.9AI score0.04398EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2021/01/26 12:0 a.m.71 views

STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description Input passed to the POST parameter 'files' is not properly sanitised...

5.4CVSS6.1AI score0.00182EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2019/12/29 12:0 a.m.71 views

WEMS BEMS 21.3.1 Undocumented Backdoor Account

Summary We WEMS offer the world's first fully wireless energy management system. Our solution enables your organization to take control of its energy costs, by monitoring lighting, heating and air conditioning equipment to identify wastage across multiple sites and start saving money instantly...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.71 views

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description Insecure direct object references occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attacke...

9.8CVSS5.8AI score0.00524EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/05/25 12:0 a.m.71 views

EduSec 4.2.5 Multiple SQL Injection Vulnerabilities

Summary EduSec has a suite of selective modules specifically tailored to the requirements of education industry. EduSec is engineered and designed considering wide range of management functions within the university. With the use of EduSec, staff can be more accountable as it helps to know the...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.71 views

TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability

Summary TP3-PCLINK Software is the supportive software for TP03, providing three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input rapidly and correctly. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited ...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.71 views

Nullsoft Winamp 5.581 (wnaspi32.dll) DLL Hijacking Exploit

Summary Winamp is a media player for Windows-based PCs, written by Nullsoft, now a subsidiary of AOL. It is proprietary freeware/shareware, multi-format, extensible with plug-ins and skins, and is noted for its graphical sound visualization, playlist, and media library features. Description Winam...

9.3CVSS6.2AI score0.07826EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.70 views

Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

9.8CVSS6.4AI score0.00484EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2019/12/27 12:0 a.m.70 views

AVE DOMINAplus <=1.10.x Unauthenticated Remote Reboot

Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...

7.5CVSS7.2AI score0.03563EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2016/02/29 12:0 a.m.70 views

Crouzet em4 soft 1.1.04 Integer Division By Zero

Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement the smartest automation applications. Description em4 soft suffers from a division by zero attack when handling Crouzet Logic Software Document '.pm4'...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/19 12:0 a.m.70 views

BlueControl 3.5 SR5 Insecure Library Loading Arbitrary Code Execution

Summary Engineering Tool for West Pro Series of controllers KS20-1, KS92-1, TB40-1, KS800, KS816, Dig280-1, KS vario, CI45, KS45, SG45, TB45, RL400, Pro96, CAL4600. Description BlueControl suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/04 12:0 a.m.70 views

Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution

Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description Microweber suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due t...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/12/02 12:0 a.m.70 views

IPUX Cube Type CS303C IP Camera (UltraMJCamX.ocx) ActiveX Stack Buffer Overflow

Summary The device is Day and Night Cube Network camera with CMOS sensor. With Motion JPEG video compression, the file size of video stream is extremely reduced, as to optimize the network bandwidth efficiency. It has 3X digital zoom feature for a larger space monitoring. The ICS303C comes with a...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/12/29 12:0 a.m.69 views

HomeAutomation v3.3.2 CSRF Add Admin Exploit

Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...

8.8CVSS7.3AI score0.00748EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/05/30 12:0 a.m.69 views

OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/04/13 12:0 a.m.69 views

OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability

Summary OpenWGA is an advanced open source java based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more. Description OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/30 12:0 a.m.69 views

Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability

Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description XXE XML External Entity processing through upload of SVG images in the CMS, and through XML import in the CMS Console application. Hippo CMS 10.1 XML External Enti...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/03/18 12:0 a.m.68 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

7.5CVSS5.7AI score0.00378EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/10/22 12:0 a.m.68 views

Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities

Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...

8.8CVSS7.5AI score0.03061EPSS
Exploits6
Zero Science Lab
Zero Science Lab
added 2014/10/12 12:0 a.m.68 views

Croogo 2.0.0 Arbitrary PHP Code Execution Exploit

Summary Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MVC framework. Description Croogo suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/02/15 12:0 a.m.68 views

AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)

Summary AutoPlay is a shareware application used for making autorun.ini files that can be edited and stored to compact disks. Description The program suffers from a buffer overflow vulnerability when openinng autorun file .ini, as a result of adding extra bytes to parts of the edited file, giving...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2009/05/29 12:0 a.m.68 views

AIMP 2.51 build 330 (ID3v1/ID3v2 Tag) Remote Stack Buffer Overflow PoC (SEH)

Summary Freeware audio player. Description AIMP version 2.51 build 330 suffers from a stack based buffer overflow vulnerability that can be exploited via malicious media file that supports ID3 tags mp3. EIP and ECX registers gets overwritten, including the SE handler and the pointer to the next S...

9.3CVSS6AI score0.10419EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2016/08/06 12:0 a.m.67 views

NUUO Backdoor (strong_user.php) Remote Shell Access

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/07/19 12:0 a.m.67 views

Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description Wowza Streaming...

6.1CVSS6AI score0.00236EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2015/03/10 12:0 a.m.67 views

GeniXCMS v0.0.1 CSRF Add Admin Exploit

Summary GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Description The application allows users...

6.8CVSS7.3AI score0.03907EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.66 views

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Reflected XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

6.1CVSS5.6AI score0.00324EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.66 views

Pachno 1.0.6 (return_to) Open Redirection

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

7.1CVSS5.9AI score0.00338EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/06/21 12:0 a.m.66 views

SimpleRisk v20170416-001 Reflected XSS Vulnerabilities

Summary SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/07/28 12:0 a.m.66 views

Oxwall 1.7.0 Remote Code Execution Exploit

Summary Oxwall is unbelievably flexible and easy to use PHP/MySQL social networking software platform. Description Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thr...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/11/13 12:0 a.m.66 views

Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability

Summary Hotaru CMS is an open source, PHP platform for building your own websites. With flexible plugins and themes, you can make any site you like. Description The CMS suffers from multiple XSS vulnerabilities. Input thru the POST parameters 'SITENAME' stored, 'return' reflected and the GET...

4.3CVSS6AI score0.02056EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/11/15 12:0 a.m.65 views

RED-V Super Digital Signage System RXV-A740R Log Information Disclosure

Summary RED-V Super Digital Signage transforms simple screens into customized TV channels, delivering audiovisual communication as immersive user experiences. It is the final blending of years of know-how in multimedia, mobile and web experience, tablet and multimedia server design. Description T...

7.5CVSS5.8AI score0.00378EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2014/11/18 12:0 a.m.65 views

Snowfox CMS v1.0 CSRF Add Admin Exploit

Summary Snowfox is an open source Content Management System CMS that allows your website users to create and share content based on permission configurations. Description Snowfox CMS suffers from a cross-site request forgery vulnerabilities. The application allows users to perform certain actions...

6.8CVSS5.7AI score0.02341EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2013/04/14 12:0 a.m.65 views

CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities

Summary CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. Description CMSLogik...

4.3CVSS6.1AI score0.04179EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2012/01/31 12:0 a.m.65 views

Mindjet MindManager 2012 v10.0.493 Multiple Remote Vulnerabilities

Summary An intuitive visual framework that fosters clarity, innovative thinking & communication to improve business results. Description MindManager suffers from several vulnerabilities included into the whole package. Several OCX and DLL libraries from 3rd party software glg.ocx,...

6.3CVSS6AI score0.00343EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2011/01/22 12:0 a.m.66 views

CultBooking 2.0.4 (cultbooking.php) Multiple XSS/PD Vulnerabilities

Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking Hotel Booking...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.64 views

Lyrion Music Server 9.2.0 (metadata) Stored XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

7.2CVSS4.9AI score0.00197EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.64 views

Pachno 1.0.6 (uploadfile) Unrestricted File Upload Remote Code Execution

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

8.8CVSS6.2AI score0.00474EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2019/11/30 12:0 a.m.64 views

Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities

Summary Carlo Gavazzi is an international company that develops, manufactures and sells electrical automation components. Our products are used in industrial automation and real estate automation. Smart-house is based on a system that we have developed and produced since 1986, mainly for...

5.3CVSS6.1AI score0.00145EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/02/02 12:0 a.m.64 views

Baumer VeriSens Application Suite 2.6.2 Buffer Overflow Vulnerability

Summary The Baumer Application Suite is the intuitive configuration software for VeriSens vision sensors, which makes it quick and simple for even new users to implement image processing tasks. Starting with the creation of test tasks through to the management of jobs, the program will take you...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/12/14 12:0 a.m.64 views

Soitec SmartEnergy 1.4 SCADA Login SQL Injection Authentication Bypass Exploit

Summary Soitec power plants are a profitable and ecological investment at the same time. Using Concentrix technology, Soitec offers a reliable, proven, cost-effective and bankable solution for energy generation in the sunniest regions of the world. The application shows how Concentrix technology...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/02/26 12:0 a.m.63 views

Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities

Summary Infor® CRM, formerly Saleslogix, is an award-winning customer relationship management CRM solution that provides a complete view of customer interactions, so your business can collaborate and respond promptly and knowledgably to customer inquiries, sales opportunities, and service request...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/19 12:0 a.m.63 views

up.time 7.5.0 Upload And Execute File Exploit

Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF,...

6AI score
Exploits0
Total number of security vulnerabilities1109