PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability
Summary PolarisCMS is a white-label content management system (CMS) providing more features, functions and flexibility to global web professionals than ever before. The breakthrough technology used for this web platform has been built over a 6 year period and includes a highly advanced Website...
Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow
Summary iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it’s a store that has everything you need to be entertained...
Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability
Summary Biznis Heroj or Business Hero is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access t...
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities
Summary ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and troubleshoot IT service requests faster. ServiceDesk Plus is a highly customizable, easy-to-implement help desk software. Description The...
Native Instruments Guitar Rig 4 Player v4.1.1 Insecure Library Loading Vulnerability
Summary GUITAR RIG 4 PLAYER is the free, modular and expandable effects processor from Native Instruments, combining creative effects routing possibilities with ease-of-use and pristine sound quality. The included FACTORY SELECTION library provides one stunning Amp emulation with Matched Cabinet,...
Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities
Summary Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to some of the best the Web has to offer - including dazzling 3D games and entertainment, interactive product demonstrations, and online learning applications. Shockwave Player...
AVTECH Software (AVC781Viewer.dll) ActiveX Multiple Remote Vulnerabilities
Summary AVTECH Software, a private corporation founded in 1988, is a computer software and hardware manufacturer specializing in providing Windows NT/2K/XP/2K3 products to monitor multi-OS computers and network issues throughout a department or an entire enterprise. Once issues or events occur,...
Lyrion Music Server 9.2.0 Path Traversal File Read
Summary Lyrion Music Server, formerly Logitech Media Server and often abbreviated as "LMS", is open-source software which can control, serve and stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Lyrion Music Server 9.2.0 (metadata) Stored XSS
Summary Lyrion Music Server, formerly Logitech Media Server and often abbreviated as "LMS", is open-source software which can control, serve and stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Horos 2.1.0 DICOM Medical Image Viewer Remote Memory Overflow Vulnerability
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description The vulnerability is caused due to the usage o...
Horos 2.1.0 Web Portal Remote Information Disclosure Exploit
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a file disclosure...
ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness
Summary ZKBioSecurity 3.0 is the ultimate "All in One" web-based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
EyeLock nano NXT 3.5 Remote Root Exploit
Summary EyeLock is an advanced iris authentication and recognition solutions company focused on developing next-generation systems for global access control and identity management. nano NXT® - the next generation of EyeLock’s revolutionary access control solutions. nano NXT renders all other...
NUUO Local File Disclosure Vulnerability
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities
Summary The ICU 7000-2 is an optional component used when the client requires iris template data to be matched on the secure side of the door. When using ICU no data is stored in the iCAM7 Iris Reader itself. The ICU also ensures that portal operation can continue if there is an interruption ...
XpoLog Center V6 Multiple Remote Vulnerabilities
Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from multiple vulnerabilities including XSS, Open Redirection and Cross-Site Request Forgery. XpoLog Center V6 Multiple Remote Vulnerabilities Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected...
Centreon 2.6.1 Unrestricted File Upload Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The vulnerability is caused due to the improper verification of uploaded files via the 'filename' POST...
Asseco SEE iBank FX Client <= 2.0.9.3 Local Privilege Escalation Vulnerability
Summary FX Client is an offline application for e-banking that is intended only for legal entities. Description The application is vulnerable to an elevation of privileges issue: a low-privileged user is able to replace the executable file with a binary of their choice. The vulnerabili...
GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities
Summary GLPI, an initialism for Gestionnaire libre de parc informatique (Free Management of Computer Equipment), was designed by Indepnet Association, a non-profit organisation, in 2003. GLPI is a free asset and IT management software package; it also offers functionalities like servicedesk ITIL or...
OpenEMR 4.1.1 (site param) Remote XSS Vulnerability
Summary OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Description OpenEMR suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the 'site'...
Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC
Summary Femitter Server is an easy-to-use HTTP and FTP server application for Windows which allows you to use your own computer for sharing gigabytes of files with your friends and colleagues. Description Femitter HTTP/FTP 1.03 suffers from an information disclosure and denial of service...
iScripts EasyCreate 3.0 Remote Code Execution Exploit
Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...
docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities
Summary Unlimited options for production printing and customer solutions. Description The Mercury Web Application suffers from multiple XSS vulnerabilities when parsing user input through the GET parameter 'thisurl' and the POST parameter 'aasfunc' in fstate.php, flist.php, fjob.php and fheader.php...
Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC
Summary Macro Express is the premier Windows macro utility. With Macro Express, you can record, edit and play back mouse and keyboard macros. Its powerful tools and robust features will make you more productive. Description Macro Express Pro suffers from a buffer overflow vulnerability when...
Epiri Professional Web Browser 3.0 Remote Crash Exploit
Summary Epiri Professional 3.0 is a next generation alternative internet program, featuring faster internet, digital clarity, the latest technological design and a user-focused, impressive experience. Microsoft Silverlight is needed. Description Epiri...
AVE DOMINAplus <=1.10.x CSRF/XSS Vulnerabilities
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
X5 Webserver 5.0 Remote Denial Of Service Exploit
Summary X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines, it is much more scalable than Xitami/2. Description The vulnerability...
InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions
Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement the smartest automation applications. Millenium 3 M3 is easy to program and to implement, it enables the control and monitoring of machines and automatio...
GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege
Summary Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description The application suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of...
R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities
Summary PHP Vacation Rental Script is the best solution for your vacation rentals online business. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions...
Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities
Summary Origin (formerly EA Download Manager, EADM) is digital distribution software from Electronic Arts that allows users to purchase games on the internet for PC and mobile platforms, and download them with the Origin client (formerly EA Download Manager, EA Downloader and EA Link). Description The...
Alienware Command Center 2.8.8.0 Local Privilege Escalation
Summary Alienware Command Center is a software program developed by Alienware. The most common release is 2.8.8.0, with over 98% of all installations currently using this version. During setup, the program creates a startup registration point in Windows in order to automatically start when any us...
Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability
Summary Altova DatabaseSpy® 2011 is the unique multi-database query, design, and database comparison tool. It connects to all major databases, easing SQL editing, database structure design, database content editing, database schema and content comparison, and database conversion for a fraction of...
Zortam MP3 Media Studio 9.40 Multiple Memory Corruption Vulnerabilities
Summary Zortam Mp3 Media Studio is an all-in-one Mp3 application that contains an Mp3 ID3 Tag Organizer for searching and cataloguing Mp3 files into an Mp3 library, editing ID3v1 and ID3v2.4 tags (ID3 Tag Editor / Mp3 Tag Editor), and a CD Ripper with album cover art/lyric support that uses CDDB Internet Compact Di...
InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
OpenMRS 2.3 (1.11.4) Multiple Cross-Site Scripting Vulnerabilities
Summary OpenMRS is an application which enables the design of a customized medical records system with no programming knowledge, although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities
Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety of international accessibility guidelines. Description Input passed via the parameter 'myownpatchid' in '/updater/patchedit.php' and the parameter 'id' in...
MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability
Summary MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a webserver. MantisBT has been installed on Windows, Linux, Mac OS, OS/2, and others. Almost any web browser should be able to...
eEye Retina WiFi Security Scanner 1.0 (.rws Parsing) Buffer Overflow PoC
Summary Retina WiFi Scanner is a tool used to detect IEEE 802.11 WiFi based devices. Note: The tool is implemented as part of eEye's Retina Network Security Scanner package. Description A vulnerability has been identified in eEye Retina WiFi Scanner, which could be exploited by attacker...
CyberLink PowerDVD <= 8.0 Crafted PLS/M3U Playlist File BoF Vulnerability
Summary CyberLink PowerDVD is a commercial media player for Microsoft Windows and Linux. Several editions of the software are sold including "Ultra", "Deluxe" and "Standard". All editions support the viewing of DVD but only the Ultra edition supports Blu-ray playback. Description PowerDVD is pron...
Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS
Summary Lyrion Music Server, formerly Logitech Media Server and often abbreviated as "LMS", is open-source software which can control, serve and stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Pachno 1.0.6 (uploadfile) Unrestricted File Upload Remote Code Execution
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
Mikogo 5.4.1.160608 Local Credentials Disclosure
Summary Mikogo is a desktop sharing software application for web conferencing and remote support, and is provided by the online collaboration provider, BeamYourScreen GmbH. Mikogo provides its software as native downloads for Windows, Mac OS X, Linux, iOS and Android. Description Mikogo is...
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
NUUO NVRmini 2 NE-4160 ShellShock Remote Code Execution
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Summary Your new software for the configuration of Wieland terminal rails. wieplan enables you to plan a complete terminal rail in a very simple way and to then place an order with Wieland. The configured terminal rail can be stored in DXF format and read into a CAD tool for further processing. D...
TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability
Summary SG2 Client is a program that enables users to create and edit applications. The program provides two edit modes, LADDER and FBD, to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...
Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability
Summary Pixelpost is an open-source, standards-compliant, multi-lingual, fully extensible photoblog application for the web. Anyone who has web-space that meets the requirements can download and use Pixelpost for free! Description Pixelpost is vulnerable to an SQL Injection attack when input is...
Lyrion Music Server 9.2.0 (search.*) Multiple Script Insertions
Summary Lyrion Music Server, formerly Logitech Media Server and often abbreviated as "LMS", is open-source software which can control, serve and stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...