Lucene search
K
ZeroscienceMost viewed

1109 matches found

Zero Science Lab
Zero Science Lab
added 2015/08/19 12:0 a.m.63 views

up.time 7.5.0 Upload And Execute File Exploit

Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF,...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/01/02 12:0 a.m.63 views

ACE Stream Media 2.1 (acestream://) Format String Exploit PoC

Summary Ace Stream is an innovative multimedia platform of a new generation, which includes different products and solutions for ordinary Internet users as well as for professional members of the multimedia market. Ace Stream uses in its core, P2P peer-to-peer technology, BitTorrent protocol, whi...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/04/03 12:0 a.m.63 views

Antamedia Internet Cafe Software 7.1 Insecure Permissions/DLL Loading

Summary Internet Cafe Software – Cyber Cafe software is a worldwide top selling solution for CyberCafe management and game center control. It protects your computers from unauthorized usage and helps with customer billing. Many features like POS, print manager, console controller, smart cards,...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.62 views

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

7.2CVSS5.4AI score0.00183EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.62 views

Pachno 1.0.6 Stored Cross-Site Scripting

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

7.2CVSS6.1AI score0.00161EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2019/03/13 12:0 a.m.62 views

Intel Modular Server System 10.18 CSRF Change Admin Password Exploit

Summary The Intel Modular Server System is a blade system manufactured by Intel using their own motherboards and processors. The Intel Modular Server System consists of an Intel Modular Server Chassis, up to six diskless Compute Blades, an integrated storage area network SAN, and three to five...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/29 12:0 a.m.62 views

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST paramete...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.62 views

ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE

Summary A full featured DICOM server has been developed based on the public domain UCDMC DICOM code. Some possible applications of the Conquest DICOM software are: DICOM training and testing; Demonstration image archives; Image format conversion from a scanner with DICOM network access; DICOM ima...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/02/01 12:0 a.m.62 views

Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution

Summary DAQMaster is comprehensive device management program that can be used with Autonics thermometers, panel meters, pulse meters, and counters, etc and with Konics recorders, indicators. DAQMaster provides GUI control for easy and convenient management of parameters and multiple device data...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/06/21 12:0 a.m.62 views

Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit

Summary Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so popular PHP5 & MySQL. Description Lunar CMS suffers from an unauthenticated arbitrary command execution vulnerability. The issue is caused due to the improper...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/12/29 12:0 a.m.61 views

Thrive Smart Home v1.1 SQL Injection Authentication Bypass

Summary As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/05/13 12:0 a.m.61 views

SOCA Access Control System 180612 CSRF Add Admin Exploit

Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...

5.3CVSS5.8AI score0.00191EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.61 views

Orthanc DICOM Server 1.1.0 Remote Memory Corruption Vulnerability

Summary Orthanc is a Belgian, open-source, lightweight RESTful DICOM server for healthcare and medical research with an ubiquitous web interface that enables you to upload, receive and transfer DICOM images. It comes with a REST API to automate imaging flows and an SDK to integrate with native...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/02/25 12:0 a.m.61 views

Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation

Summary Uplay PC is a desktop client which replaces individual game launchers previously used for Ubisoft games. With Uplay PC, you have all your Uplay enabled games and Uplay services in the same place and you get access to a whole new set of features for your PC games. Description Uplay for PC...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.61 views

Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability

Summary REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Description Reaktor 5 Player suffers from a DLL hijacking vulnerability, which could be exploited by remot...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.60 views

Pachno 1.0.6 (runSwitchUser()) Remote Vertical Privilege Escalation

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

7.1CVSS5.9AI score0.00304EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2019/04/23 12:0 a.m.60 views

Ross Video DashBoard 8.5.1 Insecure Permissions

Summary DashBoard is a free and open platform from Ross Video for facility control and monitoring that enables users to quickly build unique, tailored Custom Panels that make complex operations simple. Description DashBoard suffers from an elevation of privileges vulnerability which can be used b...

8.8CVSS5.8AI score0.00202EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/04/23 12:0 a.m.60 views

NationBuilder Multiple Stored XSS Vulnerabilities

Summary NationBuilder is a unique nonpartisan community organizing system that brings together a comprehensive suite of tools that today's leaders and creators need to gather their tribes. Deeply social. Description The application suffers from multiple stored XSS vulnerabilities. Input passed to...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/04/05 12:0 a.m.60 views

Asbru Web Content Management System v9.2.7 Multiple Vulnerabilities

Summary Ready to use, full-featured, database-driven web content management system CMS with integrated community, databases, e-commerce and statistics modules for creating, publishing and managing rich and user-friendly Internet, Extranet and Intranet websites. Description Asbru WCM suffers from...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/12/08 12:0 a.m.60 views

IceHrm <=7.1 Multiple Vulnerabilities

Summary IceHrm is Human Resource Management web software for small and medium sized organizations. The software is written in PHP. It has community free, commercial and hosted cloud solution. Description IceHrm IceHrm =7.1 Multiple Vulnerabilities Vendor: IceHRM Product web page:...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/05/16 12:0 a.m.60 views

phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability

Summary phpThumb uses the GD library to create thumbnails from images JPEG, PNG, GIF, BMP, etc on the fly. The output size is configurable can be larger or smaller than the source, and the source may be the entire image or only a portion of the original image. Description phpThumb is prone to a...

4.3CVSS6AI score0.01673EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.59 views

Pachno 1.0.6 Cross-Site Request Forgery

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

5.3CVSS5.9AI score0.00109EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2020/01/28 12:0 a.m.59 views

Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS

Summary Fifthplay is a Belgian high-tech player and a subsidiary of Niko Group. We specialise in enriching smart homes and buildings for almost 10 years, and in services that provide comfort and energy. Our gateway provides a modular approach to integrating old and new technologies, such as smart...

6.1CVSS6.7AI score0.00672EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/05/30 12:0 a.m.59 views

OV3 Online Administration 3.0 Authenticated Code Execution

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/05 12:0 a.m.59 views

Circutor PowerStudio SCADA 4.0.5 Unquoted Service Path Elevation Of Privilege

Summary CIRCUTOR's Electrical Energy Efficiency software e3 is currently called PowerStudio and encompasses all of the tools needed to manage your power control equipment: from electricity, gas and water meters to reactive energy compensation systems and powerful power analyzers. Description The...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.59 views

Native Instruments Traktor Pro 1.2.6 Stack-based Buffer Overflow Vulnerability

Summary TRAKTOR PRO is the new benchmark in DJ software. Mix digital files on four decks, using the high-quality internal mixer or external hardware, and the best effects suite around. Fully primed for professional use, TRAKTOR PRO redefines the art of DJing. Description Desc: Traktor Pro suffers...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2020/07/19 12:0 a.m.58 views

UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin

Summary Medivision is a service that provides everything from DID operation to development of DID Digital Information Display optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2020/06/04 12:0 a.m.58 views

Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write

Summary The SG gateway appliance range provides Internet security and privacy of communications for small and medium enterprises, and branch offices. It simply and securely connects your office to the Internet, and with its robust stateful firewall, shields your computers from external threats...

8.8CVSS5.9AI score0.00636EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/03/22 12:0 a.m.58 views

FIBARO System Home Center v5.021 Remote File Include XSS

Summary Imagine that you live in a house where everything happens by itself. FIBARO Smart Home takes care of your everyday comfort and safety of all family members and in the meantime, saves energy on every single occasion. All this is possible thanks to Home Center 2 smart home HUB. Home Center ...

7.5CVSS5.9AI score0.00443EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/03/26 12:0 a.m.58 views

Farmer's Fridge Kiosk 2.0.0 Unprotected Event Log Information Disclosure

Summary Don’t think of the Farmer’s Fridge kiosk as a vending machine. It’s a veggie machine. And just as each salad is a culinary thing of beauty, the kiosk is a work of art in its own right. Made from reclaimed wood provided by Modern Urban Woods of West Chicago and even some recycled materials...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/02/24 12:0 a.m.58 views

Realtek 11n Wireless LAN Utility Privilege Escalation

Summary Realtek 11n Wireless LAN utility is deployed and used by realtek alfa cards and more in order to help diagnose and view wireless card properties. Description The application suffers from an unquoted search path issue impacting the Realtek Service 'Realtek11nSU' and 'Realtek11nCU' for...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/02/09 12:0 a.m.58 views

u5CMS 3.9.3 (deletefile.php) Arbitrary File Deletion Vulnerability

Summary u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description Input passed to the 'f' parameter...

6.4CVSS5.8AI score0.07268EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/12/23 12:0 a.m.58 views

BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability

Summary BitRaider is a video game streaming and download service. Description BitRaider contains a flaw that leads to unauthorized privileges being gained. The issue is due to the program granting improper permissions with the 'F' flag for the 'Users' group, which makes the entire 'BitRaider'...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2009/07/16 12:0 a.m.58 views

Music Tag Editor 1.61 build 212 Remote Buffer Overflow PoC

Summary Simple-to-use WMA / MP3 tag editor that allows you to change tagged information about your MP3/WMA music files. Quickly change music filenames, create PLS/M3U playlists and even add lyrics to your music files, with full UNICODE support. Music filenames and tags are never what they should,...

9.3CVSS6.4AI score0.05757EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2020/06/04 12:0 a.m.57 views

Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User

Summary The SG gateway appliance range provides Internet security and privacy of communications for small and medium enterprises, and branch offices. It simply and securely connects your office to the Internet, and with its robust stateful firewall, shields your computers from external threats...

8.8CVSS5.8AI score0.00231EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2019/02/03 12:0 a.m.57 views

devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation

Summary devolo dLAN® Cockpit is a software tool that allows devolo customers to monitor and optimise their dLAN® network using a software tool. Description The application suffers from an unquoted search path issue impacting the service 'DevoloNetworkService' for Windows deployed as part of Devol...

8.5CVSS7.6AI score0.00133EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.57 views

Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/13 12:0 a.m.57 views

Applications Manager 12.5 Arbitrary Command Execution Exploit

Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2013/06/19 12:0 a.m.57 views

GLPI v0.83.7 (itemtype) Parameter Traversal Arbitrary File Access Exploit

Summary GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was designed by Indepnet Association a non profit organisation in 2003. GLPI is a free asset and IT management software package, it also offers functionalities like servicedesk ITIL or...

7.5CVSS7.1AI score0.12976EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2013/05/10 12:0 a.m.57 views

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

Summary Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description Securimage suffers from a XSS issue in 'exampleform.php' that uses the 'REQUESTURI' variable. The vulnerability is present because there...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/06/20 12:0 a.m.57 views

IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities

Summary Through its extraordinary flexibility, reliability, and performance, the IBM® System Storage® series is designed to manage a broad scope of storage workloads that exist in today’s complex data center and do it effectively and efficiently. This flagship IBM disk system can bring simplicity...

6.5CVSS6.2AI score0.05142EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2011/01/22 12:0 a.m.57 views

CultBooking 2.0.4 (lang) Local File Inclusion Vulnerability

Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking suffers from a...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.57 views

Native Instruments Service Center 2.2.5 Local Privilege Escalation Vulnerability

Summary The NI Service Center is a service used for Product Activation. Description The Native Instruments's Service Center suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/07/12 12:0 a.m.57 views

Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC

Summary Corel® WordPerfect® Office X5 – Standard Edition is the essential office suite for word processing, spreadsheets, presentations and email. Chosen over Microsoft® Office by millions of longtime users, it integrates the latest productivity software with the best of the Web. Work faster and...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2009/02/04 12:0 a.m.57 views

BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Buffer Overflow Exploit

Summary BlazeVideo HDTV Player BlazeDTV is a full-featured and easy-to-use HDTV Player software, combining HDTV playback, FM receiving, video record and DVD playback functions. You can make advantage of PC monitor's high resolution, watch, record, playback high definition HDTV program or teletext...

9.3CVSS6.2AI score0.10139EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.56 views

Lyrion Music Server 9.2.0 (search.*) Multiple Script Insertions

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

6.1CVSS5.4AI score0.00158EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.56 views

Pachno 1.0.6 Wiki TextParser XXE Vulnerability

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

9.8CVSS6AI score0.00373EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2021/01/26 12:0 a.m.56 views

STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The NVR software ProVision suffers from an authenticated arbitrary fi...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/05/24 12:0 a.m.56 views

IBM Cognos Business Intelligence Developer 10.2.1 (backURL) Open Redirect

Summary IBM Cognos Business Intelligence is a web-based, integrated business intelligence suite by IBM. It provides a toolset for reporting, analysis, scorecarding, and monitoring of events and metrics. The software consists of several components to meet the different information requirements in ...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/11/25 12:0 a.m.56 views

TRENDnet SecurView Wireless Network Camera TV-IP422WN (UltraCamX.ocx) Stack BoF

Summary SecurView Wireless N Day/Night Pan/Tilt Internet Camera, a powerful dual-codec wireless network camera with the 2-way audio function that provides the high-quality image and on-the-spot audio via the Internet connection. Description The UltraCam ActiveX Control 'UltraCamX.ocx' suffers fro...

7.5CVSS6.3AI score0.10054EPSS
Exploits2
Total number of security vulnerabilities1109