WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit

Summary MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Description Input passed to the 'selitems' parameter is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the we...

Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability

Summary Snowfox is an open source Content Management System CMS that allows your website users to create and share content based on permission configurations. Description Input passed via the 'rd' GET parameter in 'selectlanguage.class.php' script is not properly verified before being used to...

PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability

Summary PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was built with modularity in mind. Lightweight, themeable and dynamic. Description PyroCMS suffers from a stored XSS and HTTP Response Splitting vulnerability when parsing user input to the 'title' an...

Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF

Summary Keep up with the demands of today’s remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access SMA appliances and intuitive Mobile Connect apps to fit every size business and budget...

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

Wowza Streaming Engine 4.5.0 Local Privilege Escalation

Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description Wowza Streaming...

Manage Engine Applications Manager 12 Multiple Vulnerabilities

Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...

SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution

Summary Understand is a static analysis tool for maintaining, measuring, and analyzing critical or large code bases. Description The vulnerability is caused due to the application loading libraries wintab32.dll in an insecure manner. This can be exploited to load arbitrary libraries by tricking a...

LEADTOOLS ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Remote Buffer Overflow PoC

Summary With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN 32 and 64 bit device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning...

CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln

Summary Triple Play is a PHP script that CableTEL offers its clients to check their internet traffic status. Description Triple Play suffers from a security bypass vulnerability login.php with sql injection attack. The login page can be accessed only by CableTEL's users. The script fails to...

OsiriX DICOM Viewer 8.0.1 (dulparse.cc) Remote Memory Corruption Vulnerability

Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...

Omeka 2.2.1 Remote Code Execution Exploit

Summary Omeka is a free, flexible, and open source web-publishing platform for the display of library, museum, archives, and scholarly collections and exhibitions. Its 'five-minute setup' makes launching an online exhibition as easy as launching a blog. Description Omeka suffers from an...

Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities

Summary The Barracuda SSL VPN is a powerful plug-and-play appliance purpose-built to provide remote users with secure access to internal network resources. Description Barracuda SSL VPN suffers from multiple stored XSS vulnerabilities when parsing user input to several parameters via POST method...

ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities

Summary ADManager Plus is a simple, easy-to-use Windows Active Directory Management and Reporting Solution that helps AD Administrators and Help Desk Technicians with their day-to-day activities. Description ADManager Plus suffers from multiple XSS vulnerabilities when parsing user input to the...

Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability

Summary .NET Web Content Management System for ASP.NET. Description Kentico CMS suffers from a XSS vulnerability when parsing user input to the 'userContextMenuparameter' parameter via POST method in '/examples/webparts/membership/users-viewer.aspx'. Attackers can exploit this weakness to execute...

Carom3D 5.06 Unicode Buffer Overrun/DoS Vulnerability

Summary Carom 3D is an online multi-user billiard game created with special 3D graphic effects bringing every aspect such as 6 ball, 9 ball, 8 ball and other Billiard games to life. Description The world famous korean game Carom3D suffers from a buffer overflow and a denial of service...

iBilling v3.7.0 Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities

Summary Summary: The features you want, the simplicity you need! Beautifully designed for best User Interface & User Experience. The software That Works For YOUR Business! Get growing - with affordable, scalable business software. Find innovative ways to manage customers data, communicate with...

FlatPress 1.0.3 CSRF Arbitrary File Upload

Summary FlatPress is a blogging engine that saves your posts as simple text files. Forget about SQL! You just need some PHP. Description The vulnerability is caused due to the improper verification of uploaded files via the Uploader script using 'upload' POST parameter which allows of arbitrary...

iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions

Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...

TECO JN5 L510-DriveLink 1.482 SEH Overwrite Buffer Overflow Exploit

Summary JN5 DriveLink is a free program that enables you to configure the AC Motor Drive, 510 Series PC-Link. It provides support for sleep and fire modes favourable for pumps, fans, compressors, and HVAC and communication network protocol of Modbus/ BACnet/ Metasys N2. Description The...

ArticleFR 3.0.6 CSRF Add Admin Exploit

Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This c...

WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities

Summary MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Description MiwoFTP WP Plugin suffers from multiple cross-site request forgery and xss vulnerabilities. The application allows users to perform certain actions via HTTP requests...

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

Summary Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description Securimage suffers from a XSS issue in 'exampleform.php' that uses the 'REQUESTURI' variable. The vulnerability is present because there...

PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability

Summary PRADO is a component-based and event-driven programming framework for developing Web applications in PHP 5. PRADO stands for PHP Rapid Application Development Object-oriented. Description Input passed to the 'sr' parameter in 'functionaltests.php' is not properly sanitised before being us...

Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC

Summary The eToken PKI Client is the software that enables eToken USB operation and the implementation of eToken PKI-based solutions. These solutions include certificate-based strong two-factor authentication, encryption and digital signing. With the PKI Client your PKI solutions become highly...

DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS

Summary Uncompromising security and performance for emerging large organizations. The NSA 6600 network security appliance delivers best-in-class protection, speed and scalability with 12 Gbps throughput and up to 6000 VPN clients. Description SonicWALL NSA suffers from a XSS issue due to a failur...

couponPHP CMS 1.0 Multiple Stored XSS and SQL Injection Vulnerabilities

Summary couponPHP is a revolutionary content management system for running Coupon and Deal websites. It is feature rich, powerful, beautifully designed and fully automatic. Description couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the parameters...

Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions

Summary Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks. Description The package...

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Reflected XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

Thrive Smart Home v1.1 Reflected Cross-Site Scripting

Summary As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...

NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution

Summary The BEopt™ Building Energy Optimization Tool software provides capabilities to evaluate residential building designs and identify cost-optimal efficiency packages at various levels of whole-house energy savings along the path to zero net energy. Description BEopt suffers from a DLL...

DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access

Summary The 4th generation IrisAccess™ 7000 series iris recognition solution offered by Iris ID provides fast, secure, and highly accurate, non-contact identification by the iris of the eye. The iCAM7000's versatility and flexibility allows for easy integration with many Wiegand and network based...

Ubisoft Rayman Legends v1.2.103716 Remote Stack Buffer Overflow Vulnerability

Summary Rayman Legends is a 2013 platform game developed by Ubisoft Montpellier and published by Ubisoft. It is the fifth main title in the Rayman series and the direct sequel to the 2011 game Rayman Origins. The game was released for Microsoft Windows, Xbox 360, PlayStation 3, Wii U, and...

NCH Software Express Burn Plus 4.68 EBP Project File Handling Buffer Overflow PoC

Summary Express Burn is a program that allows you to create and copy many kinds of disc media, including Audio audio CDs / .mp3 CDs, Video DVDs, and Data CDs / DVDs / Blu-ray. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploit...

Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability

Summary KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind. Description...

Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability

Summary Content Management System PHP+MySQL. Description The CMS is vulnerable to an SQL Injection attack when input is passed to the "newsid" parameter. The script fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and...

LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness

Summary LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures. Description The weakness is caused due to the...

XpoLog Center V6 CSRF Remote Command Execution

Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from arbitrary command execution. Attackers can exploit this issue using the task tool feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF an attacke...

Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit

Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description The application allows users to perform certain actions via HTTP requests without performing any validity...

GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit

Summary GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Description Input passed via the 'page'...

IPUX CL5452/CL5132 IP Camera (UltraSVCamX.ocx) ActiveX Stack Buffer Overflow

Summary The device is H.264 Wired/Wireless IP Camera with 1.3 Mega-pixel sensor. With high performance H.264 video compression, the file size of video stream is extremely reduced, as to optimize the network bandwidth efficiency. It has full Pan/Tilt function and 3X digital zoom feature for a larg...

Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities

Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description Resin Application and Web Server suffers from a XSS issue due to a...

Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability

Summary The NI Service Center is a service used for Product Activation. Description The Service Center suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain...

EyeLock nano NXT 3.5 Local File Disclosure Vulnerability

Summary Nano NXT is the most advanced compact iris-based identity authentication device in Eyelock's comprehensive suite of end-to-end identity authentication solutions. Nano NXT is a miniaturized iris-based recognition system capable of providing real-time identification, both in-motion and at a...

ACROS Security 0patch (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation

Summary 0patch pronounced 'zero patch' is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes much less reboot the entire computer. Description The application suffers from an unquoted search...

Centreon 2.6.1 Command Injection Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The POST parameter 'persistant' which serves for making a new service run in the background is not properly...

u5CMS 3.9.3 Multiple SQL Injection Vulnerabilities

Summary u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description Input passed via multiple...