Lucene search
K
ZeroscienceRecent

1109 matches found

Zero Science Lab
Zero Science Lab
added 2018/02/11 12:0 a.m.252 views

LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation

Summary LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures. Description LogicalDOC suffers from multiple...

8.7CVSS6.2AI score0.0035EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2018/01/22 12:0 a.m.1418 views

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

Summary NEC's UNIVERGE® SV9100 is the unified communications UC solution of choice for small and medium businesses SMBs who don't want to be left behind. Designed to fit your unique needs, the UNIVERGE SV9100 platform is a powerful communications solution that provides SMBs with the efficient,...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.71 views

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description Insecure direct object references occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attacke...

9.8CVSS5.8AI score0.00524EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.72 views

Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. !/usr/bin/env python...

8.7CVSS5.8AI score0.00706EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.121 views

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.75 views

Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...

9.8CVSS5.8AI score0.01039EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.74 views

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...

5.3CVSS6AI score0.00286EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.112 views

Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure

Summary Drive production profitability with Fiery servers and workflow products. See which Fiery digital front end is right for your current or future print engines and business needs. Manage all your printers from a single screen using this intuitive print job management interface. Description...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/12/24 12:0 a.m.107 views

NS International Train Tickets v7.31.4 Reflected XSS Vulnerability

Summary NS International Train Tickets is a web application that is used by NS International Dutch railways to manage search, book, plan, buy train tickets for international travels from the Netherlands. Description NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable t...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/11/15 12:0 a.m.181 views

Allworx Server Manager Multiple Cross-Site Scripting Vulnerabilities

Summary The Allworx phone system enables users to manage voicemails in the Allworx Message Center and customize the personal phone system configurations using My Allworx Manager. Description Allworx server manager interface suffers from multiple reflected XSS vulnerabilities when input passed via...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/10/23 12:0 a.m.41 views

Mikogo 5.4.1.160608 Local Credentials Disclosure

Summary Mikogo is a desktop sharing software application for web conferencing and remote support, and is provided by the online collaboration provider, BeamYourScreen GmbH. Mikogo provides its software as native downloads for Windows, Mac OS X, Linux, iOS and Android. Description Mikogo is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.113 views

FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root Exploit

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

9.8CVSS6.2AI score0.1064EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.78 views

FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

8.7CVSS5.9AI score0.08345EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.99 views

FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection

Summary Get the best image detail in challenging imaging environments with the FLIR FC-Series S thermal network camera. The award-winning FC-Series S camera sets the industry standard for high-quality thermal security cameras, ideal for perimeter protection applications. The FC-Series S is capabl...

8.8CVSS6.1AI score0.13995EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.129 views

FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

9.3CVSS7.2AI score0.00282EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/09/25 12:0 a.m.73 views

FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

8.7CVSS5.8AI score0.00422EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/08/29 12:0 a.m.86 views

NethServer 7.3.1611 (create.json) CSRF Create User And Enable SSH Access

Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/29 12:0 a.m.62 views

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Summary NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible. Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST paramete...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/22 12:0 a.m.90 views

Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write

Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...

6.5CVSS6.9AI score0.0845EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2017/08/22 12:0 a.m.840 views

Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution

Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...

7.8CVSS7.7AI score0.02368EPSS
Exploits6
Zero Science Lab
Zero Science Lab
added 2017/08/22 12:0 a.m.187 views

Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation

Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...

7CVSS7.5AI score0.01411EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.49 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.48 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 User Enumeration Weakness

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.44 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/08/09 12:0 a.m.54 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures

Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/07/12 12:0 a.m.1833 views

Dasan Networks GPON ONT WiFi Router H64X Series System Config Download

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/07/12 12:0 a.m.127 views

Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/07/12 12:0 a.m.139 views

Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/07/12 12:0 a.m.77 views

Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.150 views

Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information

Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...

6.9CVSS6.9AI score0.01994EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.129 views

Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal

Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description Pelco VideoXpert suffers...

5.8CVSS6.6AI score0.04612EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.77 views

Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

9CVSS8.1AI score0.01721EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.99 views

Schneider Electric Pelco VideoXpert Privilege Escalations

Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The application is...

7.1CVSS7.4AI score0.01618EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.199 views

Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/07/10 12:0 a.m.89 views

Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

5.4CVSS6.4AI score0.00818EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/06/21 12:0 a.m.65 views

SimpleRisk v20170416-001 Reflected XSS Vulnerabilities

Summary SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities. It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/06/04 12:0 a.m.414 views

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

Summary With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. Enshare is a USB media storage sharing application that enables access to files...

10CVSS6.2AI score0.12334EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2017/05/30 12:0 a.m.69 views

OV3 Online Administration 3.0 Multiple Unauthenticated SQL Injection Vulnerabilities

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/05/30 12:0 a.m.85 views

OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/05/30 12:0 a.m.59 views

OV3 Online Administration 3.0 Authenticated Code Execution

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/05/28 12:0 a.m.119 views

CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors

Summary CERIO's DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2 High Power Wireless Access Point with built-in 10dBi patch antennas and also supports broadband wireless routing. DT-300N A4's wireless High Power design enhances the range and stability of the device's wireless signal in office and home...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.81 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...

8.7CVSS5.8AI score0.00395EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.134 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...

9.3CVSS6.5AI score0.0309EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.85 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...

8.7CVSS5.8AI score0.00661EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.110 views

Serviio PRO 1.8 DLNA Media Streaming Server Local Privilege Escalation

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application suffers from an unquoted search path issue impacting...

8.5CVSS7.6AI score0.00141EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/05/03 12:0 a.m.73 views

Serviio PRO 1.8 DLNA Media Streaming Server (mediabrowser) DOM Based XSS

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The application is vulnerable to a DOM-based cross-site scripting. Da...

6.1CVSS5.8AI score0.00238EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2017/04/30 12:0 a.m.102 views

Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description Emby suffers from a blind SQL...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/04/30 12:0 a.m.219 views

Emby MediaServer 3.2.5 Password Reset Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description The issue can be triggered by an...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/04/30 12:0 a.m.82 views

Emby MediaServer 3.2.5 Directory Traversal File Disclosure Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description The vulnerability was confirmed on...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/04/30 12:0 a.m.54 views

Emby MediaServer 3.2.5 Reflected XSS Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description Emby suffers from a XSS issue due ...

6.1AI score
Exploits0
Total number of security vulnerabilities1109