1109 matches found
DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access
Summary The 4th generation IrisAccess™ 7000 series iris recognition solution offered by Iris ID provides fast, secure, and highly accurate, non-contact identification by the iris of the eye. The iCAM7000's versatility and flexibility allows for easy integration with many Wiegand and network based...
XpoLog Center V6 CSRF Remote Command Execution
Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from arbitrary command execution. Attackers can exploit this issue using the task tool feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF an attacke...
GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit
Summary GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP developer to Advanced Developer. Some manual configurations are needed to make this application to work. Description Input passed via the 'page'...
NCH Software Express Burn Plus 4.68 EBP Project File Handling Buffer Overflow PoC
Summary Express Burn is a program that allows you to create and copy many kinds of disc media, including Audio audio CDs / .mp3 CDs, Video DVDs, and Data CDs / DVDs / Blu-ray. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploit...
LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness
Summary LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures. Description The weakness is caused due to the...
ACROS Security 0patch (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation
Summary 0patch pronounced 'zero patch' is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes much less reboot the entire computer. Description The application suffers from an unquoted search...
Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit
Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description The application allows users to perform certain actions via HTTP requests without performing any validity...
IPUX CL5452/CL5132 IP Camera (UltraSVCamX.ocx) ActiveX Stack Buffer Overflow
Summary The device is H.264 Wired/Wireless IP Camera with 1.3 Mega-pixel sensor. With high performance H.264 video compression, the file size of video stream is extremely reduced, as to optimize the network bandwidth efficiency. It has full Pan/Tilt function and 3X digital zoom feature for a larg...
Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities
Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description Resin Application and Web Server suffers from a XSS issue due to a...
Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability
Summary Biznis Heroj or Business Hero is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access t...
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities
Summary ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and troubleshoot IT service requests faster. ServiceDesk Plus is a highly customizable, easy-to-implement help desk software. Description The...
Native Instruments Service Center 2.2.5 Insecure Library Loading Vulnerability
Summary The NI Service Center is a service used for Product Activation. Description The Service Center suffers from a DLL hijacking vulnerability, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused due to the application insecurely loading certain...
Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability
Summary GUITAR RIG 4 PLAYER is the free, modular and expandable effects processor from Native Instruments, combining creative effects routing possibilities with ease-of-use and pristine sound quality. The included FACTORY SELECTION library provides one stunning Amp emulation with Matched Cabinet,...
ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
EyeLock nano NXT 3.5 Local File Disclosure Vulnerability
Summary Nano NXT is the most advanced compact iris-based identity authentication device in Eyelock's comprehensive suite of end-to-end identity authentication solutions. Nano NXT is a miniaturized iris-based recognition system capable of providing real-time identification, both in-motion and at a...
HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability
Summary HP Client Security Manager provides enhanced Windows login and website single-sign-on capabilities. Security Manager is also the host for HP Client Security plugins and should be installed before other Client Security modules. This package is provided for supported notebook models running...
Centreon 2.6.1 Unrestricted File Upload Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The vulnerability is caused due to the improper verification of uploaded files via the 'filename' POST...
u5CMS 3.9.3 Multiple SQL Injection Vulnerabilities
Summary u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review processes, personalized serial mails, PayPal payments and online surveys based on PHP and MySQL and Apache. Description Input passed via multiple...
Asseco SEE iBank FX Client <= 2.0.9.3 Local Privilege Escalation Vulnerability
Summary FX Client is an offline application for e-banking that is intended only for legal entities. Description The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerabili...
OpenEMR 4.1.1 (site param) Remote XSS Vulnerability
Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description OpenEMR suffers from a XSS issue due to a failure to properly sanitize user-supplied input to the 'site'...
PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability
Summary PolarisCMS is a White Label CMS content management System providing more features, functions and flexibility to global web professionals, than ever before. The breakthrough technology used for this web platform has been built over a 6 year period and includes a highly advanced Website...
Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities
Summary Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment, interactive product demonstrations, and online learning applications. Shockwave Player...
AVTECH Software (AVC781Viewer.dll) ActiveX Multiple Remote Vulnerabilities
Summary AVTECH Software, a private corporation founded in 1988, is a computer software and hardware manufacturer specializing in providing Windows NT/2K/XP/2K3 products to monitor multi-OS computers and network issues throughout a department or an entire enterprise. Once issues or events occur,...
Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC
Summary Femitter Server is an easy-to use HTTP and FTP server application for Windows which allows you to use your own computer for sharing gigabytes of files with your friends and colleagues. Description Femitter HTTP/FTP 1.03 suffers from an information disclosure and denial of service...
Horos 2.1.0 Web Portal Remote Information Disclosure Exploit
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a file disclosure...
Horos 2.1.0 DICOM Medical Image Viewer Remote Memory Overflow Vulnerability
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description The vulnerability is caused due to the usage o...
EyeLock nano NXT 3.5 Remote Root Exploit
Summary EyeLock is an advanced iris authentication and recognition solutions company focused on developing next-generation systems for global access control and identity management. nano NXT® - the next generation of EyeLock’s revolutionary access control solutions. nano NXT renders all other...
NUUO Local File Disclosure Vulnerability
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities
Summary The ICU 7000-2 is an optional component used when the client requires iris template data to be matched on the secure side of the door. When using ICU no data is stored in the iCAM7 Iris Reader itself. The ICU also ensures that portal operation can continue if the there is an interruption ...
XpoLog Center V6 Multiple Remote Vulnerabilities
Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from multiple vulnerabilities including XSS, Open Redirection and Cross-Site Request Forgery. XpoLog Center V6 Multiple Remote Vulnerabilities Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected...
Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions
Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement the smartest automation applications. Millenium 3 M3 is easy to program and to implement, it enables the control and monitoring of machines and automatio...
GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities
Summary GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was designed by Indepnet Association a non profit organisation in 2003. GLPI is a free asset and IT management software package, it also offers functionalities like servicedesk ITIL or...
Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC
Summary Macro Express is the premier Windows macro utility. With Macro Express, you can record, edit and play back mouse and keyboard macros. Its powerful tools and robust features will make you more productive. Description Macro Express Pro suffers from a buffer overflow vulnerability when...
Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability
Summary Altova DatabaseSpy® 2011 is the unique multi-database query, design, and database comparison tool. It connects to all major databases, easing SQL editing, database structure design, database content editing, database schema and content comparison, and database conversion for a fraction of...
Epiri Professional Web Browser 3.0 Remote Crash Exploit
Summary Epiri Professional 3.0 next generation alternative internet Epiri Professional features with faster internet, digital clarity, the latest technological design and user-focused, impressive, next generation alternative internet program. Microsoft Silverlight needed. Description Epiri...
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
X5 Webserver 5.0 Remote Denial Of Service Exploit
Summary X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines, it is much more scalable than Xitami/2. Description The vulnerability...
InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
iScripts EasyCreate 3.0 Remote Code Execution Exploit
Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...
GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege
Summary Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description The application suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of...
OpenMRS 2.3 (1.11.4) Multiple Cross-Site Scripting Vulnerabilities
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
Alienware Command Center 2.8.8.0 Local Privilege Escalation
Summary Alienware Command Center is a software program developed by Alienware. The most common release is 2.8.8.0, with over 98% of all installations currently using this version. During setup, the program creates a startup registration point in Windows in order to automatically start when any us...
docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities
Summary Unlimited options for production printing and customer solutions. Description The Mercury Web Application suffers from multiple XSS vulnerabilities when parsing user input thru the GET parameter 'thisurl' and the POST parameter 'aasfunc' in fstate.php, flist.php, fjob.php and fheader.php...
AVE DOMINAplus <=1.10.x CSRF/XSS Vulnerabilities
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Summary Your new software for the configuration of Wieland terminal rails. wieplan enables you to plan a complete terminal rail in a very simple way and to then place an order with Wieland. The configured terminal rail can be stored in DXF format and read into a CAD tool for further processing. D...
R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities
Summary PHP Vacation Rental Script is the best solution for your vacation rentals online business. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions...
Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities
Summary Origin formerly EA Download Manager EADM is digital distribution software from Electronic Arts that allows users to purchase games on the internet for PC and mobile platforms, and download them with the Origin client formerly EA Download Manager, EA Downloader and EA Link. Description The...
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities
Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety international accessibility guidelines. Description Input passed via the parameter 'myownpatchid' in '/updater/patchedit.php' and the parameter 'id' in...