TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit

Summary Professional FM transmitters. Description The marKoni FM transmitters are susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the 'wget'...

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit

Summary Desigo PX is a modern building automation and control system for the entire field of building service plants. Scalable from small to large projects with highest degree of energy efficiency, openness and user-friendly operation. Description The device contains a vulnerability that could...

ABB Cylon Aspect 3.08.03 (login.php) Obscure Authentication Bypass

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BAS controller allows login using guest:guest,...

ABB Cylon Aspect 3.08.02 (altlogin.php) Unauthenticated Reflected XSS

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated reflected...

ABB Cylon Aspect 3.08.01 (diagLateThread.php) Information Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated informatio...

Sielco Radio Link 2.06 Remote Privilege Escalation

Summary Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption. Description The application suffers from a privilege escalation vulnerability. A user with Read...

Osprey Pump Controller 1.0.1 (userName) Blind Command Injection

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

ABB Cylon Aspect 3.08.01 (badassMode) File Upload MD5 Checksum Bypass

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS system has a vulnerability in caldavInstall.php,...

Selea CarPlateServer (CPS) v4.0.1.6 Remote Program Execution

Summary Our CPS Car Plate Server software is an advanced solution that can be installed on computers and servers and used as an operations centre. It can create sophisticated traffic control and road safety systems connecting to stationary, mobile or vehicle-installed ANPR systems. CPS allows to...

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config

Summary The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a basic chassis with 4 extractable boards which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...

Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauth Code Invasion

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (dns.php) Conditional Command Injection

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure

Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...

OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

Summary Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected...

Screen SFT DAB 600/C Authentication Bypass Reset Board Config Exploit

Summary Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuatio flexibility, the Hot Swap System technology, the...

Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from a remote code execution...

KevinLAB BEMS 1.0 Authenticated File Path Traversal Information Disclosure

Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...

OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

Osprey Pump Controller 1.0.1 Unauthenticated Reflected XSS

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

OpenBMCS 2.4 CSRF Send E-mail

Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Credentials Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller allows an unauthenticated attacker to...

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

Sielco PolyEco Digital FM Transmitter 2.0.6 Unauthenticated Information Disclosure

Summary PolyEco is the innovative family of high-end digital FM transmitters of Sielco. They are especially suited as high performance power system exciters or compact low-mid power transmitters. The same cabinet may in fact be fitted with 50, 100, 300, 500, 1000W power stage PolyEco50, 100, 300,...

ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure

Summary Protege GX is an enterprise level integrated access control, intrusion detection and building automation solution with a feature set that is easy to operate, simple to integrate and effortless to extend. Protege WX is an all-in-one, web-based, cross-platform system that gives you a fully...

Ksenia Security Lares WebServer Home Automation URL Redirection

Summary Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server. Description Input passed via the 'redirectPage' GET parameter in 'cmdOk.xml' script is not...

Screen SFT DAB 600/C Authentication Bypass Erase Account Exploit

Summary Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuatio flexibility, the Hot Swap System technology, the...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Unauthenticated Command Injection

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution

Summary Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected...

iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure

Summary The 4/8/16 channel hybrid standalone DVR delivers high quality pictures which adopts high performance video processing chips and embedded Linux system. This advanced video digital platform is very useful to identify an object from a long distance. Description The DVR suffers from an...

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass

Summary ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD Integrated Receiver Decoder ESE-01 offers a professional audio quality and composite video at an excellent...

Anevia Flamingo XL 3.2.9 (login) Remote Root Jailbreak

Summary Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected...

LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities

Summary LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures. Description The application suffers from multiple...

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection

Summary The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity,...

Sakai 10.7 Multiple Vulnerabilities

Summary Sakai is a free, community source, educational software platform designed to support teaching, research and collaboration. Systems of this type are also known as Course Management Systems CMS, Learning Management Systems LMS, or Virtual Learning Environments VLE. Description Sakai suffers...

Elber Wayber Analog/Digital Audio STL 4.00 Device Config

Summary Wayber II is the name of an analogue/digital microwave link able to transport a Mono or a MPX stereo signal from studio to audio transmitter. Compact and reliable, it features very high quality and modern technology both in signal processing and microwave section leading to outstanding...

Screen SFT DAB 600/C Authentication Bypass Account Creation Exploit

Summary Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuatio flexibility, the Hot Swap System technology, the...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (traceroute.php) Conditional Command Injection

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (upload.cgi) Unauthenticated Remote Code Execution

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

ECOA Building Automation System Authorization Bypass / IDOR

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation

Summary Easy Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games through the use of hybrid anti–cheat mechanisms. Description The application suffers from an unquoted search path issue impacting the service 'EasyAntiCheat' for Windows...

ABB Cylon FLXeon 9.3.4 Default Credentials

Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...

Aquatronica Control System 5.1.6 Passwords Leak Vulnerability

Summary Aquatronica's electronic AQUARIUM CONTROLLER is easy to use, allowing you to control all the electrical devices in an aquarium and to monitor all their parameters; it can be used for soft water aquariums, salt water aquariums or both simultaneously. Description The tcp.php endpoint on the...

ABB Cylon Aspect 3.08.00 (setTimeServer.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass

Summary The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a basic chassis with 4 extractable boards which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...