Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities
Summary Carlo Gavazzi is an international company that develops, manufactures and sells electrical automation components. Our products are used in industrial automation and real estate automation. Smart-house is based on a system that we have developed and produced since 1986, mainly for...
Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit
Summary Desigo PX is a modern building automation and control system for the entire field of building service plants. Scalable from small to large projects with highest degree of energy efficiency, openness and user-friendly operation. Description The device contains a vulnerability that could...
Smartwares HOME easy v1.0.9 Database Backup Information Disclosure Exploit
Summary Home Easy/Smartwares are a range of products designed to remotely control your home using wireless technology. Home Easy/Smartwares is very simple to set up and allows you to operate your electrical equipment like lighting, appliances, heating etc. Description The home automation solution...
Smartwares HOME easy v1.0.9 Client-Side Authentication Bypass
Summary Home Easy/Smartwares are a range of products designed to remotely control your home using wireless technology. Home Easy/Smartwares is very simple to set up and allows you to operate your electrical equipment like lighting, appliances, heating etc. Description HOME easy suffers from...
iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P (get_jpeg) Stream Disclosure
Summary The 4/8/16 channel hybrid standalone DVR delivers high quality pictures which adopts high performance video processing chips and embedded Linux system. This advanced video digital platform is very useful to identify an object from a long distance. Description The DVR suffers from an...
V-SOL GPON/EPON OLT Platform v2.03 Cross-Site Request Forgery
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
V-SOL GPON/EPON OLT Platform v2.03 Unauthenticated Configuration Download
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
Microsoft SharePoint 2013 SP1 Stored XSS Vulnerability
Summary SharePoint is a web-based collaborative platform that integrates with Microsoft Office. Launched in 2001, SharePoint is primarily sold as a document management and storage system, but the product is highly configurable and usage varies substantially among organizations. Description A...
Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
Summary Rifatron with its roots in Seoul, Korea has been supplying and servicing the security market as a leading CCTV/video surveillance security system manufacturer, specializing in stand-alone digital video recorder since 1998. We are known for marking the first standalone DVR with audio...
Yahei-PHP Prober v0.4.7 (speed) Remote HTML Injection Vulnerability
Summary Detection of system web server operating environment. Description Input passed to the GET parameter 'speed' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. Yahei-P...
WordPress Plugin OneSignal 1.17.5 Persistent Cross-Site Scripting
Summary OneSignal is a high volume and reliable push notification service for websites and mobile applications. We support all major native and mobile platforms by providing dedicated SDKs for each platform, a RESTful server API, and an online dashboard for marketers to design and send push...
FaceSentry Access Control System 6.4.8 Remote Command Injection
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
FaceSentry Access Control System 6.4.8 Remote Root Exploit
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
FaceSentry Access Control System 6.4.8 Cleartext Password Storage
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit
Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...
Legrand BTicino Driver Manager F454 1.0.51 CSRF Change Password Exploit
Summary Audio/video web server for the remote control of the system using web pages or the MY HOME portal. The device can operate as a gateway for the use of the MHVisual and Virtual Configurator software - 6 DIN modules. It replaces item F453 and F453AV. Description The application interface...
Legrand BTicino Driver Manager F454 1.0.51 Authenticated Stored XSS Exploit
Summary Audio/video web server for the remote control of the system using web pages or the MY HOME portal. The device can operate as a gateway for the use of the MHVisual and Virtual Configurator software - 6 DIN modules. It replaces item F453 and F453AV. Description The application suffers from ...
SOCA Access Control System 180612 Information Disclosure
Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...
SOCA Access Control System 180612 Reflected Cross-Site Scripting
Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...
SOCA Access Control System 180612 SQL Injection And Authentication Bypass
Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...
SOCA Access Control System 180612 CSRF Add Admin Exploit
Summary The company's products include proximity and fingerprint access control system, time and attendance, electric locks, card reader and writer, keyless entry system and other 30 specialized products. All products are attractively designed with advanced technology in accordance with users'...
Ross Video DashBoard 8.5.1 Insecure Permissions
Summary DashBoard is a free and open platform from Ross Video for facility control and monitoring that enables users to quickly build unique, tailored Custom Panels that make complex operations simple. Description DashBoard suffers from an elevation of privileges vulnerability which can be used b...
exacqVision 9.8 Unquoted Service Path Privilege Escalation
Summary The exacqVision VMS Video Management System software records surveillance video from thousands of IP camera models and displays on a free Windows, Linux or OSX client software, web browser or mobile device. Description The application suffers from an unquoted search path issue impacting t...
Intel Modular Server System 10.18 CSRF Change Admin Password Exploit
Summary The Intel Modular Server System is a blade system manufactured by Intel using their own motherboards and processors. The Intel Modular Server System consists of an Intel Modular Server Chassis, up to six diskless Compute Blades, an integrated storage area network SAN, and three to five...
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
Summary The BEopt™ Building Energy Optimization Tool software provides capabilities to evaluate residential building designs and identify cost-optimal efficiency packages at various levels of whole-house energy savings along the path to zero net energy. Description BEopt suffers from a DLL...
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution
Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit
Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure
Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Summary The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks, thanks to which it transmits a real-time image over the network with minimal delays. The camera supports the switching of the broadcast modes, and in the event of a...
devolo dLAN 550 duo+ Starter Kit Remote Code Execution
Summary Devolo dLAN® 550 duo+ Starter Kit is a Powerline adapter which is a cost-effective and helpful networking alternative for any location without structured network wiring. Especially in buildings or residences lacking network cables or where updating the wiring would be expensive and...
devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery
Summary Devolo dLAN® 550 duo+ Starter Kit is a Powerline adapter which is a cost-effective and helpful networking alternative for any location without structured network wiring. Especially in buildings or residences lacking network cables or where updating the wiring would be expensive and...
devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
Summary devolo dLAN® Cockpit is a software tool that allows devolo customers to monitor and optimise their dLAN® network using a software tool. Description The application suffers from an unquoted search path issue impacting the service 'DevoloNetworkService' for Windows deployed as part of Devol...
BEWARD Intercom 2.3.1 Credentials Disclosure
Summary Multiaccessible User Operation, Electronic Lock Control, Real-Time Video, Two-Way Audio. The software is used for BEWARD IP video door stations control. Description The application stores logs and sensitive information in an unencrypted binary file called BEWARD.INTERCOM.FDB. A local...
ManageEngine OpManager Privilege Escalation
Summary OpManager offers comprehensive network monitoring capabilities that help you monitor network performance, detect network faults in real time, troubleshoot errors, and prevent downtime. Being a powerful network monitor, it supports multi-vendor IT environments and can scale to fit your...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection
Summary The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity,...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery
Summary The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity,...
Synaccess netBooter NP-0801DU 7.4 CSRF Add Admin Exploit
Summary netBooter™ NP-0801DU and NP-0801DUH PDUs provide secured remote power source management of 8 independent outlets. Includes true RMS AC current reading and environment temperature monitoring via TCP/IP networks or local direct connection. Description The application interface allows users ...
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass
Summary netBooter™ NP-02B and NP-02BH provide independent control of one or two outlets in a small, robust form factor. Manageable via TCP/IP network or direct serial connection and 1U brackets optional for mounting. Control power to your devices with the ability to fit just about anywhere...
Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference
Summary Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year. Description The crash is caused due to a NU...
Anviz AIM CrossChex Standard 4.3 Excel Macro Injection
Summary Access Control and Time Attendance Management System. Complying with our self-developed fingerprint, facial, iris, etc. devices, CrossChex Standard integrates intelligent management of time attendance and relevant functions of access control. It has been widely used in many office buildin...
TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure Vulnerability
Summary The TL-SC3130G surveillance camera is a versatile solution for your home and office monitoring, whose 54Mbps wireless connectivity enables you to deploy the camera where inaccessible previously by Ethernet connection such as ceiling and walls. This camera can be placed in your living room...
FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure
Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protect critica...
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protect critica...
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access
Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protect critica...