1109 matches found
Hyperoptic (Tilgin) Router HG23xx Multiple XSS And CSRF Vulnerabilities
Summary Tilgin's HG23xx family of products offers a flexible and high capacity product in a tiny form factor. When having the product in your hands, do not get fooled by its mere size. The product offers full gigabit routing and a state of the art superior WLAN solution. It runs all services...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Authentication Bypass Exploit
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
MiniDVBLinux 5.4 Change Root Password PoC
Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...
MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability
Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...
Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution
Summary Fluiddraw enables the creation of electrical and pneumatic circuit diagrams. The tool makes it easier to plan complete systems and implement individual components. Users access the Festo catalogue and their own imported databases and can thus benefit from evaluation functions and created...
ABB Cylon FLXeon 9.3.5 (variant.js) Unauthenticated System Information Disclosure
Summary BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boiler...
ECOA Building Automation System Path Traversal Arbitrary File Upload
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (services) Authenticated Command Injection
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) Exploit
Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...
meterN v1.2.3 Authenticated Remote Command Execution Vulnerability
Summary meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters like : electrical, water, gas, fuel consumption, solar, Wind energy production and so on. Sensors such as temperature or humidity are also accepted. The philosophy is: To keep it...
Peplink NGxxx/LCxxx VPN-Firewall Open Redirect Vulnerability
Summary The NG500 / 520 is a high-performance VPN server, which is suitable for small and medium enterprises to use as a VPN center. It is simple to deploy and high security. At the same time, NG500 / 520 products also integrates advanced firewall features to support access to computers by group,...
V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
ABB Cylon Aspect 3.08.03 (MIX->HTTPDownloadServlet) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...
SoX 14.4.2 (wav.c) Division By Zero
Summary SoX Sound eXchange is the Swiss Army knife of sound processing tools: it can convert sound files between many different file formats and audio devices, and can apply many sound effects and transformations, as well as doing basic analysis and providing input to more capable analysis and...
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration Weakness
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
VBA32 Personal Antivirus 3.12.8.x (malformed archive) DoS Exploit
Summary Antivirus program for personal computers running Windows which is a reliable and, it is crucial, quick tool to detect and neutralize computer viruses, mail worms, trojan programs and other malware backdoors, adware, spyware, etc in real time and by request. Description Vba32 Personal...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Authentication Bypass
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Cross-Site Request Forgery
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
Summary BrightSign designs media players and provides free software and cloud networking solutions for the commercial digital signage market worldwide, serving all vertical segments of the marketplace. Description Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (password) Unauthenticated Command Injection
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
BACnet Test Server 1.01 Remote Denial of Service Exploit
Summary This is a simple BACnet Server aimed at developers who want to explore or test their BACnet Client implementations of the ASHRAE BACnet protocol. It is based on Steve Karg's fine implementation of the BACnet Stack. Description The BACNet Test Server is vulnerable to a denial of service Do...
B-swiss 3 Digital Signage System 3.6.5 Database Disclosure
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
ABB Cylon Aspect 3.08.03 (MIX->DeploymentServlet) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...
Adtec Digital Multiple Products Default/Hardcoded Credentials Remote Root
Summary Adtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Description The devices utilizes hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cookie User Password Disclosure
Summary Digital Signage Software. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital...
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...
ABB Cylon Aspect 3.08.03 (MIX->HTTPDownloadServlet) File Deletion
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect BMS/BAS is vulnerable to a critical flaw in the...
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
dbaudio R1 v2.14.4 DNS-SD Service Unquoted Service Path Privilege Escalation
Summary The R1 Remote control software succeeds the d&b ROPE C software. It is a software package designed to operate d&b amplifiers D12, D6, E-PAC with Display remotely using the d&b Remote network based on CAN-Bus technology. Description The application suffers from an unquoted search path issu...
TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit
Summary The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price...
Tattile Cameras 1.181.5 Use of Default Credentials
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...
Extreme Networks Aerohive HiveOS <=11.x Remote Denial of Service Exploit
Summary Aerohive HiveOS is the network operating system that powers all Aerohive access points, based on a feature-rich Cooperative Control architecture. HiveOS enables Aerohive devices to organize into groups, or 'hives', which allows functionality like fast roaming, user-based access control an...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
TP-Link TL-WR740N Wireless Router MitM httpd Denial Of Service
Summary The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless N Router is 802.11b&g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price...
ABB Cylon Aspect 3.08.03 (productRemovalUpdate.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated blind OS...
Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation
Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability
Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cleartext Credentials Disclosure
Summary Digital Signage Software. Description The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/User/User.xml' and obtain administrative login information...
MiniDVBLinux 5.4 Arbitrary File Read Vulnerability
Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...
ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service
Summary F3 packs all the power of ReQuest's multi-zone serious Play servers into a compact powerhouse. With the ability to add unlimited NAS devices, the F3 can handle your entire family's media collection with ease. Description The device can be shutdown or rebooted by an unauthenticated attacke...
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description The...
ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability
Summary With the MediaPlayer, ReQuest delivers video content and award-winning distributed music capabilities. Up to 4 MediaPlayers 15 when coupled with an approved NAS can be connected through your home network to your ReQuest system, delivering HD video to your television in 1080p via HDMI...
Eibiz i-Media Server Digital Signage 3.8.0 (oldfile) File Path Traversal
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description i-Media...
Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities
Summary The Allworx phone system enables users to manage voicemails in the Allworx Message Center and customize the personal phone system configurations using My Allworx Manager. Description Allworx server manager interface suffers from multiple reflected XSS vulnerabilities when input passed via...
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description i-Media...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...
Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion
Summary Streamlabs Desktop is a free streaming and recording software, built on OBS Studio, for content creators to stream live to platforms like Twitch, YouTube, and Facebook. It is designed to be beginner-friendly and offers tools for creating engaging streams, such as customizable overlays,...
SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
Summary EVE is a smart home and building automation solution designed for both residential and commercial environments, including malls, hotels, restaurants, bars, gyms, spas, boardrooms, and offices. It enables comprehensive control and monitoring of electrical installations through a highly...