1103 matches found
Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
ABB Cylon FLXeon 9.3.5 (siteGuide.js) Authenticated Root Remote Code Execution
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
Selea Targa IP OCR-ANPR Camera Remote Stored XSS
Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...
SOUND4 Server Service 4.1.102 Local Privilege Escalation
Summary SOUND4 Windows Server Service. Description The application suffers from an unquoted search path issue impacting the service 'SOUND4 Server' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the syste...
ABB Cylon Aspect 3.08.01 (networkDiagAjax.php) Remote Network Utility Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The vulnerability allows an unauthenticated attacker to perform netwo...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config
Summary The SIGNUM controller from Elber satellite equipment demodulates one or two DVB-S/ S2 signals up to 32APSK single/multi-stream, achieving 256 KS/s as minimum symbol rate. The TS demodulated signals can be aligned and configured in 1+1 seamless switching for redundancy. Redundancy can also...
ABB Cylon Aspect 3.08.02 (logYumLookup.php) Authenticated File Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an authenticated arbitrar...
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account
Summary Professional FM transmitters. Description The transmitter has a hidden super administrative account 'factory' that has the hardcoded password 'inokram25' that allows full access to the web management interface configuration. The factory account is not visible in the users page of the...
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Summary R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Description The transmitter suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user...
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation
Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the consol...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config
Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...
EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability
Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily comply with analog and digital DAB standard. The Series ETL3100 Television Transmitter...
Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
OpenBMCS 2.4 Unauthenticated SSRF / RFI
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...
Tinycontrol LAN Controller v3 (LK3) Remote Credentials Extraction PoC
Summary Lan Controller is a very universal device that allows you to connect many different sensors and remotely view their readings and remotely control various types of outputs. It is also possible to combine both functions into an automatic if - this with a calendar when - then. The device...
Delta Controls enteliTOUCH 3.40.3935 Cross-Site Request Forgery (CSRF)
Summary enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for...
OpenBMCS 2.4 Secrets Disclosure
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution
Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in compact solutions. They have innovative functions and features that can eliminate the costs required by additional equipment: automatic exchange of audio sources,...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session Expiration
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is operating with default and hard-coded...
SmartFoxServer 2X 2.17.0 God Mode Console WebSocket XSS
Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...
Ksenia Security Lares WebServer Home Automation PIN Logic Flaw
Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description The Ksenia home automation and burglar alarm system has a security flaw where t...
ABB Cylon FLXeon 9.3.4 (upload.js) Authenticated Root Remote Code Execution
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
EuroTel ETL3100 Transmitter Default Credentials
Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily comply with analog and digital DAB standard. The Series ETL3100 Television Transmitter...
Osprey Pump Controller 1.0.1 Cross-Site Request Forgery
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities
Summary This ONU is the perfect GEPON home and business gateway. It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND and COMBINED. Description The device suffers from multiple vulnerabilities including: Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect. JM-DATA O...
Smartwares HOME easy v1.0.9 Database Backup Information Disclosure Exploit
Summary Home Easy/Smartwares are a range of products designed to remotely control your home using wireless technology. Home Easy/Smartwares is very simple to set up and allows you to operate your electrical equipment like lighting, appliances, heating etc. Description The home automation solution...
Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit
Summary The TRA7000 series is a set of products dedicated to broadcast, designed to guarantee an excellent quality-price ratio in compliance with current regulations and intended for individual broadcasters or radio networks. All models in the TRA7000 series are fully digital, using only...
Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials
Summary Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected...
ABB Cylon Aspect 3.08.01 (vstatConfigurationDownload.php) Config Download
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. The addition of vSTAT, a Virtual Zone application, allows for authorised users to...
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass
Summary Wayber II is the name of an analogue/digital microwave link able to transport a Mono or a MPX stereo signal from studio to audio transmitter. Compact and reliable, it features very high quality and modern technology both in signal processing and microwave section leading to outstanding...
TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password
Summary Professional FM transmitters. Description An unauthorized user could exploit this vulnerability to change his/her password, potentially gaining unauthorized access to sensitive information or performing actions beyond her/his designated permissions. TELSAT marKoni FM Transmitter 1.9.5 Insecu...
OctoberCMS v3.4.0 (About) Stored Cross-Site Scripting Vulnerability
Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...
ABB Cylon FLXeon 9.3.4 (app.js) Insecure CORS Configuration
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass
Summary Professional FM transmitters. Description The application implements client-side restrictions that can be bypassed by editing the HTML source page, which enables administrative operations. TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web...
Sielco Radio Link 2.06 'id' Cookie Brute Force Session Hijacking
Summary Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption. Description The Cookie session ID 'id' is of an insufficient length and can be exploited by brut...
OpenBMCS 2.4 Create Admin / Remote Privilege Escalation
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
Gemalto Sentinel License Manager 18.0.1 Directory Traversal Vulnerability
Summary The Sentinel License Manager enforces and manages licensing in multi-user environment. It keeps track of all the licenses and handles requests from network users who want to run your application, granting authorization to the requesters to allow them to run the application, and denying...
ABB Cylon FLXeon 9.3.4 (cert.js) Authenticated Root Remote Code Execution
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
Sielco Radio Link 2.06 Cross-Site Request Forgery (Add Admin)
Summary Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption. Description The application interface allows users to perform certain actions via HTTP requests...
Delta Controls enteliTOUCH 3.40.3935 Cross-Site Scripting (XSS)
Summary enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The enteliTOUCH has a 7-inch, high-resolution display that serves as an interface to your building. Use it as your primary interface for smaller facilities or as an on-the-spot access point for...
ABB Cylon FLXeon 9.3.4 (users.js) Authenticated Root Remote Code Execution
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
ABB Cylon Aspect 3.08.01 (mstpstatus.php) Information Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated informatio...
ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS
Summary The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and maintain your emergency lighting system. Therefore each luminaire connected to your ESM network is given a unique code. The ESM can easily identify the luminaires individually and...