1109 matches found
up.time 7.5.0 Upload And Execute File Exploit
Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF,...
ACE Stream Media 2.1 (acestream://) Format String Exploit PoC
Summary Ace Stream is an innovative multimedia platform of a new generation, which includes different products and solutions for ordinary Internet users as well as for professional members of the multimedia market. Ace Stream uses in its core, P2P peer-to-peer technology, BitTorrent protocol, whi...
Antamedia Internet Cafe Software 7.1 Insecure Permissions/DLL Loading
Summary Internet Cafe Software – Cyber Cafe software is a worldwide top selling solution for CyberCafe management and game center control. It protects your computers from unauthorized usage and helps with customer billing. Many features like POS, print manager, console controller, smart cards,...
Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Pachno 1.0.6 Stored Cross-Site Scripting
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
Intel Modular Server System 10.18 CSRF Change Admin Password Exploit
Summary The Intel Modular Server System is a blade system manufactured by Intel using their own motherboards and processors. The Intel Modular Server System consists of an Intel Modular Server Chassis, up to six diskless Compute Blades, an integrated storage area network SAN, and three to five...
NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability
Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST paramete...
ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE
Summary A full featured DICOM server has been developed based on the public domain UCDMC DICOM code. Some possible applications of the Conquest DICOM software are: DICOM training and testing; Demonstration image archives; Image format conversion from a scanner with DICOM network access; DICOM ima...
Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution
Summary DAQMaster is comprehensive device management program that can be used with Autonics thermometers, panel meters, pulse meters, and counters, etc and with Konics recorders, indicators. DAQMaster provides GUI control for easy and convenient management of parameters and multiple device data...
Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit
Summary Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so popular PHP5 & MySQL. Description Lunar CMS suffers from an unauthenticated arbitrary command execution vulnerability. The issue is caused due to the improper...
Thrive Smart Home v1.1 SQL Injection Authentication Bypass
Summary As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...
SOCA Access Control System 180612 CSRF Add Admin Exploit
Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...
Orthanc DICOM Server 1.1.0 Remote Memory Corruption Vulnerability
Summary Orthanc is a Belgian, open-source, lightweight RESTful DICOM server for healthcare and medical research with an ubiquitous web interface that enables you to upload, receive and transfer DICOM images. It comes with a REST API to automate imaging flows and an SDK to integrate with native...
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Summary Uplay PC is a desktop client which replaces individual game launchers previously used for Ubisoft games. With Uplay PC, you have all your Uplay enabled games and Uplay services in the same place and you get access to a whole new set of features for your PC games. Description Uplay for PC...
Native Instruments Reaktor 5 Player v5.5.1 Insecure Library Loading Vulnerability
Summary REAKTOR 5 PLAYER is your free entry point to the award-winning and avant-garde audio world of REAKTOR 5 - the super-powerful modular sound studio that made Native Instruments famous. Description Reaktor 5 Player suffers from a DLL hijacking vulnerability, which could be exploited by remot...
Pachno 1.0.6 (runSwitchUser()) Remote Vertical Privilege Escalation
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
Ross Video DashBoard 8.5.1 Insecure Permissions
Summary DashBoard is a free and open platform from Ross Video for facility control and monitoring that enables users to quickly build unique, tailored Custom Panels that make complex operations simple. Description DashBoard suffers from an elevation of privileges vulnerability which can be used b...
NationBuilder Multiple Stored XSS Vulnerabilities
Summary NationBuilder is a unique nonpartisan community organizing system that brings together a comprehensive suite of tools that today's leaders and creators need to gather their tribes. Deeply social. Description The application suffers from multiple stored XSS vulnerabilities. Input passed to...
Asbru Web Content Management System v9.2.7 Multiple Vulnerabilities
Summary Ready to use, full-featured, database-driven web content management system CMS with integrated community, databases, e-commerce and statistics modules for creating, publishing and managing rich and user-friendly Internet, Extranet and Intranet websites. Description Asbru WCM suffers from...
IceHrm <=7.1 Multiple Vulnerabilities
Summary IceHrm is Human Resource Management web software for small and medium sized organizations. The software is written in PHP. It has community free, commercial and hosted cloud solution. Description IceHrm IceHrm =7.1 Multiple Vulnerabilities Vendor: IceHRM Product web page:...
phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability
Summary phpThumb uses the GD library to create thumbnails from images JPEG, PNG, GIF, BMP, etc on the fly. The output size is configurable can be larger or smaller than the source, and the source may be the entire image or only a portion of the original image. Description phpThumb is prone to a...
Pachno 1.0.6 Cross-Site Request Forgery
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS
Summary Fifthplay is a Belgian high-tech player and a subsidiary of Niko Group. We specialise in enriching smart homes and buildings for almost 10 years, and in services that provide comfort and energy. Our gateway provides a modular approach to integrating old and new technologies, such as smart...
OV3 Online Administration 3.0 Authenticated Code Execution
Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...
Circutor PowerStudio SCADA 4.0.5 Unquoted Service Path Elevation Of Privilege
Summary CIRCUTOR's Electrical Energy Efficiency software e3 is currently called PowerStudio and encompasses all of the tools needed to manage your power control equipment: from electricity, gas and water meters to reactive energy compensation systems and powerful power analyzers. Description The...
Native Instruments Traktor Pro 1.2.6 Stack-based Buffer Overflow Vulnerability
Summary TRAKTOR PRO is the new benchmark in DJ software. Mix digital files on four decks, using the high-quality internal mixer or external hardware, and the best effects suite around. Fully primed for professional use, TRAKTOR PRO redefines the art of DJing. Description Desc: Traktor Pro suffers...
UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin
Summary Medivision is a service that provides everything from DID operation to development of DID Digital Information Display optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...
Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write
Summary The SG gateway appliance range provides Internet security and privacy of communications for small and medium enterprises, and branch offices. It simply and securely connects your office to the Internet, and with its robust stateful firewall, shields your computers from external threats...
FIBARO System Home Center v5.021 Remote File Include XSS
Summary Imagine that you live in a house where everything happens by itself. FIBARO Smart Home takes care of your everyday comfort and safety of all family members and in the meantime, saves energy on every single occasion. All this is possible thanks to Home Center 2 smart home HUB. Home Center ...
Farmer's Fridge Kiosk 2.0.0 Unprotected Event Log Information Disclosure
Summary Don’t think of the Farmer’s Fridge kiosk as a vending machine. It’s a veggie machine. And just as each salad is a culinary thing of beauty, the kiosk is a work of art in its own right. Made from reclaimed wood provided by Modern Urban Woods of West Chicago and even some recycled materials...
Realtek 11n Wireless LAN Utility Privilege Escalation
Summary Realtek 11n Wireless LAN utility is deployed and used by realtek alfa cards and more in order to help diagnose and view wireless card properties. Description The application suffers from an unquoted search path issue impacting the Realtek Service 'Realtek11nSU' and 'Realtek11nCU' for...
u5CMS 3.9.3 (deletefile.php) Arbitrary File Deletion Vulnerability
Summary u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description Input passed to the 'f' parameter...
BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability
Summary BitRaider is a video game streaming and download service. Description BitRaider contains a flaw that leads to unauthorized privileges being gained. The issue is due to the program granting improper permissions with the 'F' flag for the 'Users' group, which makes the entire 'BitRaider'...
Music Tag Editor 1.61 build 212 Remote Buffer Overflow PoC
Summary Simple-to-use WMA / MP3 tag editor that allows you to change tagged information about your MP3/WMA music files. Quickly change music filenames, create PLS/M3U playlists and even add lyrics to your music files, with full UNICODE support. Music filenames and tags are never what they should,...
Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User
Summary The SG gateway appliance range provides Internet security and privacy of communications for small and medium enterprises, and branch offices. It simply and securely connects your office to the Internet, and with its robust stateful firewall, shields your computers from external threats...
devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
Summary devolo dLAN® Cockpit is a software tool that allows devolo customers to monitor and optimise their dLAN® network using a software tool. Description The application suffers from an unquoted search path issue impacting the service 'DevoloNetworkService' for Windows deployed as part of Devol...
Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
Applications Manager 12.5 Arbitrary Command Execution Exploit
Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...
GLPI v0.83.7 (itemtype) Parameter Traversal Arbitrary File Access Exploit
Summary GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was designed by Indepnet Association a non profit organisation in 2003. GLPI is a free asset and IT management software package, it also offers functionalities like servicedesk ITIL or...
Securimage 3.5 URI-based Cross-Site Scripting Vulnerability
Summary Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description Securimage suffers from a XSS issue in 'exampleform.php' that uses the 'REQUESTURI' variable. The vulnerability is present because there...
IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities
Summary Through its extraordinary flexibility, reliability, and performance, the IBM® System Storage® series is designed to manage a broad scope of storage workloads that exist in today’s complex data center and do it effectively and efficiently. This flagship IBM disk system can bring simplicity...
CultBooking 2.0.4 (lang) Local File Inclusion Vulnerability
Summary Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings and set the actual availabilities in the hotels pms. This is easy to install and easy to integrate with full support. Description CultBooking suffers from a...
Native Instruments Service Center 2.2.5 Local Privilege Escalation Vulnerability
Summary The NI Service Center is a service used for Product Activation. Description The Native Instruments's Service Center suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist...
Corel WordPerfect Office X5 15.0.0.357 (wpd) Remote Buffer Preoccupation PoC
Summary Corel® WordPerfect® Office X5 – Standard Edition is the essential office suite for word processing, spreadsheets, presentations and email. Chosen over Microsoft® Office by millions of longtime users, it integrates the latest productivity software with the best of the Web. Work faster and...
BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Buffer Overflow Exploit
Summary BlazeVideo HDTV Player BlazeDTV is a full-featured and easy-to-use HDTV Player software, combining HDTV playback, FM receiving, video record and DVD playback functions. You can make advantage of PC monitor's high resolution, watch, record, playback high definition HDTV program or teletext...
Lyrion Music Server 9.2.0 (search.*) Multiple Script Insertions
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Pachno 1.0.6 Wiki TextParser XXE Vulnerability
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability
Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The NVR software ProVision suffers from an authenticated arbitrary fi...
IBM Cognos Business Intelligence Developer 10.2.1 (backURL) Open Redirect
Summary IBM Cognos Business Intelligence is a web-based, integrated business intelligence suite by IBM. It provides a toolset for reporting, analysis, scorecarding, and monitoring of events and metrics. The software consists of several components to meet the different information requirements in ...
TRENDnet SecurView Wireless Network Camera TV-IP422WN (UltraCamX.ocx) Stack BoF
Summary SecurView Wireless N Day/Night Pan/Tilt Internet Camera, a powerful dual-codec wireless network camera with the 2-way audio function that provides the high-quality image and on-the-spot audio via the Internet connection. Description The UltraCam ActiveX Control 'UltraCamX.ocx' suffers fro...