1103 matches found
Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...
Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service
Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. !/usr/bin/env python...
NS International Train Tickets v7.31.4 Reflected XSS Vulnerability
Summary NS International Train Tickets is a web application that is used by NS International Dutch railways to manage search, book, plan, buy train tickets for international travels from the Netherlands. Description NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable t...
Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities
Summary The Allworx phone system enables users to manage voicemails in the Allworx Message Center and customize the personal phone system configurations using My Allworx Manager. Description Allworx server manager interface suffers from multiple reflected XSS vulnerabilities when input passed via...
Mikogo 5.4.1.160608 Local Credentials Disclosure
Summary Mikogo is a desktop sharing software application for web conferencing and remote support, and is provided by the online collaboration provider, BeamYourScreen GmbH. Mikogo provides its software as native downloads for Windows, Mac OS X, Linux, iOS and Android. Description Mikogo is...
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
Summary Get the best image detail in challenging imaging environments with the FLIR FC-Series S thermal network camera. The award-winning FC-Series S camera sets the industry standard for high-quality thermal security cameras, ideal for perimeter protection applications. The FC-Series S is capabl...
FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure
Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...
FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...
FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials
Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root Exploit
Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...
NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability
Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST paramete...
NethServer 7.3.1611 (create.json) CSRF Create User And Enable SSH Access
Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...
Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...
Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation
Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Dasan Networks GPON ONT WiFi Router H64X Series System Config Download
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass
Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...
Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description Pelco VideoXpert suffers...
Schneider Electric Pelco VideoXpert Privilege Escalations
Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The application is...
Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities
Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...
Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information
Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...
SimpleRisk v20170416-001 Reflected XSS Vulnerabilities
Summary SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic...
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
Summary With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. Enshare is a USB media storage sharing application that enables access to files...
OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities
Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...
OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit
Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...
OV3 Online Administration 3.0 Authenticated Code Execution
Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...
CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors
Summary CERIO's DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2 High Power Wireless Access Point with built-in 10dBi patch antennas and also supports broadband wireless routing. DT-300N A4's wireless High Power design enhances the range and stability of the device's wireless signal in office and home...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...
Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application suffers from an unquoted search path issue impacting...
Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application is vulnerable to a DOM-based cross-site scripting. Da...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...
Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change
Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...
Emby MediaServer 3.2.5 Reflected XSS Vulnerability
Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description Emby suffers from a XSS issue due ...
Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability
Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description Emby suffers from a blind SQL...
Emby MediaServer 3.2.5 Password Reset Vulnerability
Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description The issue can be triggered by an...
Emby MediaServer 3.2.5 Directory Traversal File Disclosure Vulnerability
Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description The vulnerability was confirmed on...
Farmer's Fridge Kiosk 2.0.0 Unprotected Event Log Information Disclosure
Summary Don’t think of the Farmer’s Fridge kiosk as a vending machine. It’s a veggie machine. And just as each salad is a culinary thing of beauty, the kiosk is a work of art in its own right. Made from reclaimed wood provided by Modern Urban Woods of West Chicago and even some recycled materials...
Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation
Summary BACstac belongs to product BACstacTM Networking Software and was developed by company Cimetrics Inc. Cimetrics is excited to announce a new version of our industry-leading BACnet protocol stack: BACstac 6.8. The Cimetrics BACstac saves man-years of development when your company needs to...
Cimetrics BACnet Explorer 4.0 XXE Vulnerability
Summary The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected...
SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter...
SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...
SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from multiple stored XSS vulnerabilities. Input passed to several API POST parameters is not properly sanitised before being returned to the...