1109 matches found
Farmer's Fridge Kiosk 2.0.0 Unprotected Event Log Information Disclosure
Summary Don’t think of the Farmer’s Fridge kiosk as a vending machine. It’s a veggie machine. And just as each salad is a culinary thing of beauty, the kiosk is a work of art in its own right. Made from reclaimed wood provided by Modern Urban Woods of West Chicago and even some recycled materials...
Cimetrics BACnet Explorer 4.0 XXE Vulnerability
Summary The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected...
Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation
Summary BACstac belongs to product BACstacTM Networking Software and was developed by company Cimetrics Inc. Cimetrics is excited to announce a new version of our industry-leading BACnet protocol stack: BACstac 6.8. The Cimetrics BACstac saves man-years of development when your company needs to...
SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...
SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from multiple stored XSS vulnerabilities. Input passed to several API POST parameters is not properly sanitised before being returned to the...
SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit
Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter...
TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities
Summary TrueConf Server is a powerful, high-quality and highly secured video conferencing software server. It is specially designed to work with up to 250 participants in a multipoint conference over LAN or VPN networks. TrueConf Server requires no hardware and includes client applications for al...
Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF
Summary Keep up with the demands of today’s remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access SMA appliances and intuitive Mobile Connect apps to fit every size business and budget...
Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS
Summary Uncompromising security and performance for emerging large organizations. The NSA 6600 network security appliance delivers best-in-class protection, speed and scalability with 12 Gbps throughput and up to 6000 VPN clients. Description SonicWALL NSA suffers from a XSS issue due to a failur...
Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
OsiriX Web Portal 8.0.1 DOM Based XSS
Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...
Orthanc DICOM Server 1.1.0 Remote Memory Corruption Vulnerability
Summary Orthanc is a Belgian, open-source, lightweight RESTful DICOM server for healthcare and medical research with an ubiquitous web interface that enables you to upload, receive and transfer DICOM images. It comes with a REST API to automate imaging flows and an SDK to integrate with native...
Horos 2.1.0 DICOM Medical Image Viewer Remote Memory Overflow Vulnerability
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description The vulnerability is caused due to the usage o...
DCMTK storescp DICOM storage (C-STORE) SCP Remote Stack Buffer Overflow
Summary DCMTK is a collection of libraries and applications implementing large parts the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over a network connection, as well as demonstrative imag...
ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE
Summary A full featured DICOM server has been developed based on the public domain UCDMC DICOM code. Some possible applications of the Conquest DICOM software are: DICOM training and testing; Demonstration image archives; Image format conversion from a scanner with DICOM network access; DICOM ima...
Horos 2.1.0 Web Portal Remote Information Disclosure Exploit
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a file disclosure...
Horos 2.1.0 Web Portal DOM Based XSS
Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a DOM-based XSS vulnerabili...
Orthanc DICOM Server 1.1.0 Unquoted Service Path Privilege Escalation
Summary Orthanc is a Belgian, open-source, lightweight RESTful DICOM server for healthcare and medical research with an ubiquitous web interface that enables you to upload, receive and transfer DICOM images. It comes with a REST API to automate imaging flows and an SDK to integrate with native...
OsiriX DICOM Viewer 8.0.1 (dulparse.cc) Remote Memory Corruption Vulnerability
Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...
Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit
Summary Serva is a light 3 MB, yet powerful Microsoft Windows application. It was conceived mainly as an Automated PXE Server Solution Accelerator. It bundles on a single exe all of the underlying server protocols and services required by the most complex PXE network boot/install scenarios...
X5 Webserver 5.0 Remote Denial Of Service Exploit
Summary X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines, it is much more scalable than Xitami/2. Description The vulnerability...
Peplink NGxxx/LCxxx VPN-Firewall Open Redirect Vulnerability
Summary The NG500 / 520 is a high-performance VPN server, which is suitable for small and medium enterprises to use as a VPN center. It is simple to deploy and high security. At the same time, NG500 / 520 products also integrates advanced firewall features to support access to computers by group,...
InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities
Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...
ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ZKTeco ZKBioSecurity 3.0 (visLogin.jsp) Local Authorization Bypass
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability
Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
Summary ZKAccess 3.5 is a desktop software which is suitable for small and medium businesses application. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance report. The brand new flat GUI design and humanized...
ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions
Summary ZKTime.Net V3.0 is a new generation time attendance management software. Meanwhile, it integrates with time attendance and access control system. Some frequently used functions such as attendance reports, device management and employee management can be managed directly on the home page...
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...
Sakai 10.7 Multiple Vulnerabilities
Summary Sakai is a free, community source, educational software platform designed to support teaching, research and collaboration. Systems of this type are also known as Course Management Systems CMS, Learning Management Systems LMS, or Virtual Learning Environments VLE. Description Sakai suffers...
Newtec Satellite Modem MDM6000 2.2.5 Cross-Site Scripting Vulnerability
Summary The MDM6000 modem is typically installed at both ends of a point-to-point satellite link or at the remote sites of a star network. The unit can work as a modulator, demodulator or modem depending on the network configuration and integrates seamlessly with terrestrial IP networks and...
EyeLock nano NXT 3.5 Remote Root Exploit
Summary EyeLock is an advanced iris authentication and recognition solutions company focused on developing next-generation systems for global access control and identity management. nano NXT® - the next generation of EyeLock’s revolutionary access control solutions. nano NXT renders all other...
EyeLock nano NXT 3.5 Local File Disclosure Vulnerability
Summary Nano NXT is the most advanced compact iris-based identity authentication device in Eyelock's comprehensive suite of end-to-end identity authentication solutions. Nano NXT is a miniaturized iris-based recognition system capable of providing real-time identification, both in-motion and at a...
EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation
Summary myris® provides unparalleled security, is portable, lightweight and is as easy as looking in a mirror. Use myris to quickly and easily enroll users for EyeLock’s access control products or to grant users access to corporate domain environments within seconds—users never have to type their...
NUUO Backdoor (strong_user.php) Remote Shell Access
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
NUUO Local File Disclosure Vulnerability
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
NUUO Arbitrary File Deletion Vulnerability
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
NUUO CSRF Add Admin Exploit
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
NUUO Multiple OS Command Injection Vulnerabilities
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...