Lucene search
K
ZeroscienceMost viewed

1109 matches found

Zero Science Lab
Zero Science Lab
added 2014/11/25 12:0 a.m.56 views

TRENDnet SecurView Wireless Network Camera TV-IP422WN (UltraCamX.ocx) Stack BoF

Summary SecurView Wireless N Day/Night Pan/Tilt Internet Camera, a powerful dual-codec wireless network camera with the 2-way audio function that provides the high-quality image and on-the-spot audio via the Internet connection. Description The UltraCam ActiveX Control 'UltraCamX.ocx' suffers fro...

7.5CVSS6.3AI score0.10054EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/07/11 12:0 a.m.56 views

OpenVPN Private Tunnel Core Service Unquoted Service Path Elevation Of Privilege

Summary Private Tunnel is a new approach to true Internet security creating a Virtual Private Tunnel VPT or Virtual Private Network VPN that encrypts, privatizes, and protects your Internet traffic. Description Private Tunnel application suffers from an unquoted search path issue impacting the Co...

6.9CVSS7.6AI score0.00951EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2012/05/09 12:0 a.m.56 views

Andromeda Streaming MP3 Server v1.9.3.6 (s param) Remote XSS Vulnerability

Summary Turn your MP3 collection into an MP3 server. Simply add a single PHP or ASP script to any folder within your site. Now you can browse and play the contents of that folder - over the Web, or over your local network. Description Andromeda is prone to a cross-site scripting vulnerability. Th...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/26 12:0 a.m.56 views

Adobe Device Central CS5 v3.0.1.0 (dwmapi.dll) DLL Hijacking Exploit

Summary Adobe® Device Central CS5 software simplifies the production of innovative and compelling content for mobile phones and consumer electronics devices. Adobe Device Central CS5 now offers support for HTML and the latest versions of Adobe Flash® Player software. Description Adobe Device...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/05/13 12:0 a.m.55 views

SOCA Access Control System 180612 Reflected Cross-Site Scripting

Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...

6.1CVSS6.1AI score0.00198EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.55 views

InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/07/19 12:0 a.m.55 views

Wowza Streaming Engine 4.5.0 Local Privilege Escalation

Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description Wowza Streaming...

8.5CVSS5.8AI score0.00208EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2015/06/13 12:0 a.m.55 views

Cisco AnyConnect Secure Mobility Client Remote Command Execution

Summary Cisco AnyConnect Secure Mobility Solution empowers your employees to work from anywhere, on corporate laptops as well as personal mobile devices, regardless of physical location. It provides the security necessary to help keep your organization’s data safe and protected. Description The...

6.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/06/04 12:0 a.m.55 views

PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability

Summary PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was built with modularity in mind. Lightweight, themeable and dynamic. Description PyroCMS suffers from a stored XSS and HTTP Response Splitting vulnerability when parsing user input to the 'title' an...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.54 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/04/30 12:0 a.m.54 views

Emby MediaServer 3.2.5 Reflected XSS Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description Emby suffers from a XSS issue due ...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.54 views

TECO SG2 LAD Client 3.51 SEH Overwrite Buffer Overflow Exploit

Summary SG2 Client is a program that enables to create and edit applications. The program is providing two edit modes, LADDER and FBD to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.54 views

Centreon 2.6.1 CSRF Add Admin Exploit

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The application allows users to perform certain actions via HTTP requests without performing any validity chec...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/02/09 12:0 a.m.54 views

u5CMS 3.9.3 Multiple Open Redirect Vulnerabilities

Summary u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description Input passed via the 'uri' GET...

5.8CVSS5.9AI score0.06559EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/11/18 12:0 a.m.54 views

Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability

Summary Snowfox is an open source Content Management System CMS that allows your website users to create and share content based on permission configurations. Description Input passed via the 'rd' GET parameter in 'selectlanguage.class.php' script is not properly verified before being used to...

5.8CVSS5.9AI score0.0219EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/07/24 12:0 a.m.54 views

Omeka 2.2.1 Remote Code Execution Exploit

Summary Omeka is a free, flexible, and open source web-publishing platform for the display of library, museum, archives, and scholarly collections and exhibitions. Its 'five-minute setup' makes launching an online exhibition as easy as launching a blog. Description Omeka suffers from an...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/09/17 12:0 a.m.54 views

Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities

Summary The Spiceworks IT Desktop delivers nearly everything you need to simplify your IT job. Available in a variety of languages, Spiceworks' single, easy-to-use interface combines Network Inventory, Help Desk, Mapping, Reporting, Monitoring and Troubleshooting. And, it connects you with other ...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/02/08 12:0 a.m.54 views

SciTools Understand 2.6 (wintab32.dll) DLL Loading Arbitrary Code Execution

Summary Understand is a static analysis tool for maintaining, measuring, and analyzing critical or large code bases. Description The vulnerability is caused due to the application loading libraries wintab32.dll in an insecure manner. This can be exploited to load arbitrary libraries by tricking a...

6.9CVSS6AI score0.00401EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2010/02/22 12:0 a.m.54 views

CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln

Summary Triple Play is a PHP script that CableTEL offers its clients to check their internet traffic status. Description Triple Play suffers from a security bypass vulnerability login.php with sql injection attack. The login page can be accessed only by CableTEL's users. The script fails to...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/10 12:0 a.m.53 views

EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation

Summary myris® provides unparalleled security, is portable, lightweight and is as easy as looking in a mirror. Use myris to quickly and easily enroll users for EyeLock’s access control products or to grant users access to corporate domain environments within seconds—users never have to type their...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/13 12:0 a.m.53 views

Manage Engine Applications Manager 12 Multiple Vulnerabilities

Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/04/14 12:0 a.m.53 views

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit

Summary MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Description Input passed to the 'selitems' parameter is not properly sanitised before being used to delete files. This can be exploited to delete files with the permissions of the we...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/28 12:0 a.m.53 views

LEADTOOLS ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Remote Buffer Overflow PoC

Summary With LEADTOOLS you can control any scanner, digital camera or capture card that has a TWAIN 32 and 64 bit device driver. High-level acquisition support is included for ease of use while low-level functionality is provided for flexibility and control in even the most demanding scanning...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.52 views

Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF

Summary Keep up with the demands of today’s remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access SMA appliances and intuitive Mobile Connect apps to fit every size business and budget...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.52 views

Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.52 views

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/06 12:0 a.m.52 views

iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions

Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2013/07/01 12:0 a.m.52 views

Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities

Summary The Barracuda SSL VPN is a powerful plug-and-play appliance purpose-built to provide remote users with secure access to internal network resources. Description Barracuda SSL VPN suffers from multiple stored XSS vulnerabilities when parsing user input to several parameters via POST method...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/02/07 12:0 a.m.52 views

ManageEngine ADManager Plus 5.2 Multiple XSS Vulnerabilities

Summary ADManager Plus is a simple, easy-to-use Windows Active Directory Management and Reporting Solution that helps AD Administrators and Help Desk Technicians with their day-to-day activities. Description ADManager Plus suffers from multiple XSS vulnerabilities when parsing user input to the...

4.3CVSS6.1AI score0.01644EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2011/05/31 12:0 a.m.52 views

Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability

Summary .NET Web Content Management System for ASP.NET. Description Kentico CMS suffers from a XSS vulnerability when parsing user input to the 'userContextMenuparameter' parameter via POST method in '/examples/webparts/membership/users-viewer.aspx'. Attackers can exploit this weakness to execute...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2009/06/16 12:0 a.m.52 views

Carom3D 5.06 Unicode Buffer Overrun/DoS Vulnerability

Summary Carom 3D is an online multi-user billiard game created with special 3D graphic effects bringing every aspect such as 6 ball, 9 ball, 8 ball and other Billiard games to life. Description The world famous korean game Carom3D suffers from a buffer overflow and a denial of service...

3.5CVSS6.1AI score0.01953EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.51 views

OsiriX DICOM Viewer 8.0.1 (dulparse.cc) Remote Memory Corruption Vulnerability

Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.51 views

TECO JN5 L510-DriveLink 1.482 SEH Overwrite Buffer Overflow Exploit

Summary JN5 DriveLink is a free program that enables you to configure the AC Motor Drive, 510 Series PC-Link. It provides support for sleep and fire modes favourable for pumps, fans, compressors, and HVAC and communication network protocol of Modbus/ BACnet/ Metasys N2. Description The...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/04/14 12:0 a.m.51 views

WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities

Summary MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Description MiwoFTP WP Plugin suffers from multiple cross-site request forgery and xss vulnerabilities. The application allows users to perform certain actions via HTTP requests...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/06/24 12:0 a.m.50 views

iBilling v3.7.0 Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities

Summary Summary: The features you want, the simplicity you need! Beautifully designed for best User Interface & User Experience. The software That Works For YOUR Business! Get growing - with affordable, scalable business software. Find innovative ways to manage customers data, communicate with...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/05/30 12:0 a.m.50 views

FlatPress 1.0.3 CSRF Arbitrary File Upload

Summary FlatPress is a blogging engine that saves your posts as simple text files. Forget about SQL! You just need some PHP. Description The vulnerability is caused due to the improper verification of uploaded files via the Uploader script using 'upload' POST parameter which allows of arbitrary...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/07/13 12:0 a.m.50 views

ArticleFR 3.0.6 CSRF Add Admin Exploit

Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This c...

6.8CVSS5.8AI score0.01221EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/06/17 12:0 a.m.50 views

Ubisoft Rayman Legends v1.2.103716 Remote Stack Buffer Overflow Vulnerability

Summary Rayman Legends is a 2013 platform game developed by Ubisoft Montpellier and published by Ubisoft. It is the fifth main title in the Rayman series and the direct sequel to the 2011 game Rayman Origins. The game was released for Microsoft Windows, Xbox 360, PlayStation 3, Wii U, and...

7.5CVSS6.4AI score0.15191EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/02/28 12:0 a.m.50 views

couponPHP CMS 1.0 Multiple Stored XSS and SQL Injection Vulnerabilities

Summary couponPHP is a revolutionary content management system for running Coupon and Deal websites. It is feature rich, powerful, beautifully designed and fully automatic. Description couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the parameters...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/11/26 12:0 a.m.50 views

PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability

Summary PRADO is a component-based and event-driven programming framework for developing Web applications in PHP 5. PRADO stands for PHP Rapid Application Development Object-oriented. Description Input passed to the 'sr' parameter in 'functionaltests.php' is not properly sanitised before being us...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/03/16 12:0 a.m.50 views

Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions

Summary Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks. Description The package...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/04/11 12:0 a.m.50 views

Aladdin eToken PKI Client v4.5 Virtual File Handling Unspecified Memory Corruption PoC

Summary The eToken PKI Client is the software that enables eToken USB operation and the implementation of eToken PKI-based solutions. These solutions include certificate-based strong two-factor authentication, encryption and digital signing. With the PKI Client your PKI solutions become highly...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.49 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.49 views

Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS

Summary Uncompromising security and performance for emerging large organizations. The NSA 6600 network security appliance delivers best-in-class protection, speed and scalability with 12 Gbps throughput and up to 6000 VPN clients. Description SonicWALL NSA suffers from a XSS issue due to a failur...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.49 views

Centreon 2.6.1 Command Injection Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The POST parameter 'persistant' which serves for making a new service run in the background is not properly...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/06/12 12:0 a.m.49 views

Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow

Summary iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it’s a store that has everything you need to be entertained...

9.3CVSS6.4AI score0.15357EPSS
Exploits17
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.49 views

Native Instruments Kontakt 4 Player v4.1.3 Insecure Library Loading Vulnerability

Summary KONTAKT 4 PLAYER is the free sample player based on award-winning KONTAKT technology. Expanding the capabilities of its successful predecessor, the free KONTAKT 4 PLAYER allows for innovative, highly playable instruments leaving technological and musical limitations behind. Description...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/08/14 12:0 a.m.49 views

Sports Accelerator Suite v2.0 (news_id) Remote SQL Injection Vulnerability

Summary Content Management System PHP+MySQL. Description The CMS is vulnerable to an SQL Injection attack when input is passed to the "newsid" parameter. The script fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/12/29 12:0 a.m.48 views

Thrive Smart Home v1.1 Reflected Cross-Site Scripting

Summary As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/03/09 12:0 a.m.48 views

NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution

Summary The BEopt™ Building Energy Optimization Tool software provides capabilities to evaluate residential building designs and identify cost-optimal efficiency packages at various levels of whole-house energy savings along the path to zero net energy. Description BEopt suffers from a DLL...

9.8CVSS5.9AI score0.00371EPSS
Exploits1
Total number of security vulnerabilities1109