Lucene search
K
ZeroscienceMost viewed

1109 matches found

Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.48 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/07/26 12:0 a.m.48 views

Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access

Summary The 4th generation IrisAccess™ 7000 series iris recognition solution offered by Iris ID provides fast, secure, and highly accurate, non-contact identification by the iris of the eye. The iCAM7000's versatility and flexibility allows for easy integration with many Wiegand and network based...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/07/01 12:0 a.m.48 views

XpoLog Center V6 CSRF Remote Command Execution

Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from arbitrary command execution. Attackers can exploit this issue using the task tool feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF an attacke...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/03/10 12:0 a.m.48 views

GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit

Summary GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Description Input passed via the 'page'...

7.5CVSS6AI score0.05575EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/01/21 12:0 a.m.48 views

NCH Software Express Burn Plus 4.68 EBP Project File Handling Buffer Overflow PoC

Summary Express Burn is a program that allows you to create and copy many kinds of disc media, including Audio audio CDs / .mp3 CDs, Video DVDs, and Data CDs / DVDs / Blu-ray. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploit...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2018/02/11 12:0 a.m.47 views

LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness

Summary LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures. Description The weakness is caused due to the...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/06/20 12:0 a.m.47 views

ACROS Security 0patch (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation

Summary 0patch pronounced 'zero patch' is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes much less reboot the entire computer. Description The application suffers from an unquoted search...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/04 12:0 a.m.47 views

Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit

Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description The application allows users to perform certain actions via HTTP requests without performing any validity...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2014/12/02 12:0 a.m.47 views

IPUX CL5452/CL5132 IP Camera (UltraSVCamX.ocx) ActiveX Stack Buffer Overflow

Summary The device is H.264 Wired/Wireless IP Camera with 1.3 Mega-pixel sensor. With high performance H.264 video compression, the file size of video stream is extremely reduced, as to optimize the network bandwidth efficiency. It has full Pan/Tilt function and 3X digital zoom feature for a larg...

6.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2013/06/07 12:0 a.m.47 views

Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities

Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description Resin Application and Web Server suffers from a XSS issue due to a...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/12/21 12:0 a.m.47 views

Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability

Summary Biznis Heroj or Business Hero is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access t...

7.5CVSS5.9AI score0.011EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2011/08/23 12:0 a.m.47 views

ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities

Summary ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and troubleshoot IT service requests faster. ServiceDesk Plus is a highly customizable, easy-to-implement help desk software. Description The...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.47 views

Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability

Summary The NI Service Center is a service used for Product Activation. Description The Service Center suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/11/20 12:0 a.m.47 views

Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability

Summary GUITAR RIG 4 PLAYER is the free, modular and expandable effects processor from Native Instruments, combining creative effects routing possibilities with ease-of-use and pristine sound quality. The included FACTORY SELECTION library provides one stunning Amp emulation with Matched Cabinet,...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.46 views

ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

9.8CVSS5.8AI score0.00563EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/10 12:0 a.m.46 views

EyeLock nano NXT 3.5 Local File Disclosure Vulnerability

Summary Nano NXT is the most advanced compact iris-based identity authentication device in Eyelock's comprehensive suite of end-to-end identity authentication solutions. Nano NXT is a miniaturized iris-based recognition system capable of providing real-time identification, both in-motion and at a...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/28 12:0 a.m.46 views

HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability

Summary HP Client Security Manager provides enhanced Windows login and website single-sign-on capabilities. Security Manager is also the host for HP Client Security plugins and should be installed before other Client Security modules. This package is provided for supported notebook models running...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.46 views

Centreon 2.6.1 Unrestricted File Upload Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The vulnerability is caused due to the improper verification of uploaded files via the 'filename' POST...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/02/09 12:0 a.m.46 views

u5CMS 3.9.3 Multiple SQL Injection Vulnerabilities

Summary u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description Input passed via multiple...

7.5CVSS6AI score0.02125EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2014/02/06 12:0 a.m.46 views

Asseco SEE iBank FX Client <= 2.0.9.3 Local Privilege Escalation Vulnerability

Summary FX Client is an offline application for e-banking that is intended only for legal entities. Description The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerabili...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2013/02/21 12:0 a.m.46 views

OpenEMR 4.1.1 (site param) Remote XSS Vulnerability

Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description OpenEMR suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the 'site'...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2012/08/05 12:0 a.m.46 views

PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability

Summary PolarisCMS is a White Label CMS content management System providing more features, functions and flexibility to global web professionals, than ever before. The breakthrough technology used for this web platform has been built over a 6 year period and includes a highly advanced Website...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/05/11 12:0 a.m.46 views

Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities

Summary Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment, interactive product demonstrations, and online learning applications. Shockwave Player...

9.3CVSS7.7AI score0.16637EPSS
Exploits8
Zero Science Lab
Zero Science Lab
added 2010/04/19 12:0 a.m.46 views

AVTECH Software (AVC781Viewer.dll) ActiveX Multiple Remote Vulnerabilities

Summary AVTECH Software, a private corporation founded in 1988, is a computer software and hardware manufacturer specializing in providing Windows NT/2K/XP/2K3 products to monitor multi-OS computers and network issues throughout a department or an entire enterprise. Once issues or events occur,...

6.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2008/09/17 12:0 a.m.46 views

Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC

Summary Femitter Server is an easy-to use HTTP and FTP server application for Windows which allows you to use your own computer for sharing gigabytes of files with your friends and colleagues. Description Femitter HTTP/FTP 1.03 suffers from an information disclosure and denial of service...

5CVSS5.8AI score0.02962EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.45 views

Horos 2.1.0 Web Portal Remote Information Disclosure Exploit

Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a file disclosure...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.45 views

Horos 2.1.0 DICOM Medical Image Viewer Remote Memory Overflow Vulnerability

Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description The vulnerability is caused due to the usage o...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/10 12:0 a.m.45 views

EyeLock nano NXT 3.5 Remote Root Exploit

Summary EyeLock is an advanced iris authentication and recognition solutions company focused on developing next-generation systems for global access control and identity management. nano NXT® - the next generation of EyeLock’s revolutionary access control solutions. nano NXT renders all other...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/06 12:0 a.m.45 views

NUUO Local File Disclosure Vulnerability

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/07/26 12:0 a.m.45 views

Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities

Summary The ICU 7000-2 is an optional component used when the client requires iris template data to be matched on the secure side of the door. When using ICU no data is stored in the iCAM7 Iris Reader itself. The ICU also ensures that portal operation can continue if the there is an interruption ...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/07/01 12:0 a.m.45 views

XpoLog Center V6 Multiple Remote Vulnerabilities

Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from multiple vulnerabilities including XSS, Open Redirection and Cross-Site Request Forgery. XpoLog Center V6 Multiple Remote Vulnerabilities Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/02/29 12:0 a.m.45 views

Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions

Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement the smartest automation applications. Millenium 3 M3 is easy to program and to implement, it enables the control and monitoring of machines and automatio...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2013/06/19 12:0 a.m.45 views

GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities

Summary GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was designed by Indepnet Association a non profit organisation in 2003. GLPI is a free asset and IT management software package, it also offers functionalities like servicedesk ITIL or...

7.5CVSS6AI score0.02768EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2011/01/10 12:0 a.m.45 views

Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC

Summary Macro Express is the premier Windows macro utility. With Macro Express, you can record, edit and play back mouse and keyboard macros. Its powerful tools and robust features will make you more productive. Description Macro Express Pro suffers from a buffer overflow vulnerability when...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2010/10/22 12:0 a.m.45 views

Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability

Summary Altova DatabaseSpy® 2011 is the unique multi-database query, design, and database comparison tool. It connects to all major databases, easing SQL editing, database structure design, database content editing, database schema and content comparison, and database conversion for a fraction of...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2009/07/30 12:0 a.m.45 views

Epiri Professional Web Browser 3.0 Remote Crash Exploit

Summary Epiri Professional 3.0 next generation alternative internet Epiri Professional features with faster internet, digital clarity, the latest technological design and user-focused, impressive, next generation alternative internet program. Microsoft Silverlight needed. Description Epiri...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.44 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/11/30 12:0 a.m.44 views

X5 Webserver 5.0 Remote Denial Of Service Exploit

Summary X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines, it is much more scalable than Xitami/2. Description The vulnerability...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.44 views

InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.44 views

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/28 12:0 a.m.44 views

iScripts EasyCreate 3.0 Remote Code Execution Exploit

Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/07 12:0 a.m.45 views

GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege

Summary Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description The application suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/07 12:0 a.m.44 views

OpenMRS 2.3 (1.11.4) Multiple Cross-Site Scripting Vulnerabilities

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/02/25 12:0 a.m.44 views

Alienware Command Center 2.8.8.0 Local Privilege Escalation

Summary Alienware Command Center is a software program developed by Alienware. The most common release is 2.8.8.0, with over 98% of all installations currently using this version. During setup, the program creates a startup registration point in Windows in order to automatically start when any us...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/04/20 12:0 a.m.44 views

docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities

Summary Unlimited options for production printing and customer solutions. Description The Mercury Web Application suffers from multiple XSS vulnerabilities when parsing user input thru the GET parameter 'thisurl' and the POST parameter 'aasfunc' in fstate.php, flist.php, fjob.php and fheader.php...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/12/27 12:0 a.m.44 views

AVE DOMINAplus <=1.10.x CSRF/XSS Vulnerabilities

Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...

5.3CVSS6.1AI score0.00174EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/02/10 12:0 a.m.43 views

Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder

Summary Your new software for the configuration of Wieland terminal rails. wieplan enables you to plan a complete terminal rail in a very simple way and to then place an order with Wieland. The configured terminal rail can be stored in DXF format and read into a CAD tool for further processing. D...

6.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/11 12:0 a.m.43 views

R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities

Summary PHP Vacation Rental Script is the best solution for your vacation rentals online business. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/02/26 12:0 a.m.43 views

Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities

Summary Origin formerly EA Download Manager EADM is digital distribution software from Electronic Arts that allows users to purchase games on the internet for PC and mobile platforms, and download them with the Origin client formerly EA Download Manager, EA Downloader and EA Link. Description The...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/08/06 12:0 a.m.43 views

AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities

Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety international accessibility guidelines. Description Input passed via the parameter 'myownpatchid' in '/updater/patchedit.php' and the parameter 'id' in...

6AI score
Exploits0
Total number of security vulnerabilities1109