Lucene search
K
ZeroscienceRecent

1109 matches found

Zero Science Lab
Zero Science Lab
added 2017/03/26 12:0 a.m.57 views

Farmer's Fridge Kiosk 2.0.0 Unprotected Event Log Information Disclosure

Summary Don’t think of the Farmer’s Fridge kiosk as a vending machine. It’s a veggie machine. And just as each salad is a culinary thing of beauty, the kiosk is a work of art in its own right. Made from reclaimed wood provided by Modern Urban Woods of West Chicago and even some recycled materials...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/02/12 12:0 a.m.118 views

Cimetrics BACnet Explorer 4.0 XXE Vulnerability

Summary The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Description BACnetExplorer suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/02/12 12:0 a.m.135 views

Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation

Summary BACstac belongs to product BACstacTM Networking Software and was developed by company Cimetrics Inc. Cimetrics is excited to announce a new version of our industry-leading BACnet protocol stack: BACstac 6.8. The Cimetrics BACstac saves man-years of development when your company needs to...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/02/11 12:0 a.m.75 views

SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit

Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/02/11 12:0 a.m.74 views

SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities

Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from multiple stored XSS vulnerabilities. Input passed to several API POST parameters is not properly sanitised before being returned to the...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/02/11 12:0 a.m.175 views

SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit

Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/01/29 12:0 a.m.260 views

TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities

Summary TrueConf Server is a powerful, high-quality and highly secured video conferencing software server. It is specially designed to work with up to 250 participants in a multipoint conference over LAN or VPN networks. TrueConf Server requires no hardware and includes client applications for al...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.51 views

Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF

Summary Keep up with the demands of today’s remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access SMA appliances and intuitive Mobile Connect apps to fit every size business and budget...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.148 views

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

4.3CVSS5.7AI score0.07973EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.49 views

Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS

Summary Uncompromising security and performance for emerging large organizations. The NSA 6600 network security appliance delivers best-in-class protection, speed and scalability with 12 Gbps throughput and up to 6000 VPN clients. Description SonicWALL NSA suffers from a XSS issue due to a failur...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.51 views

Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/29 12:0 a.m.56 views

Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.108 views

OsiriX Web Portal 8.0.1 DOM Based XSS

Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.61 views

Orthanc DICOM Server 1.1.0 Remote Memory Corruption Vulnerability

Summary Orthanc is a Belgian, open-source, lightweight RESTful DICOM server for healthcare and medical research with an ubiquitous web interface that enables you to upload, receive and transfer DICOM images. It comes with a REST API to automate imaging flows and an SDK to integrate with native...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.45 views

Horos 2.1.0 DICOM Medical Image Viewer Remote Memory Overflow Vulnerability

Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description The vulnerability is caused due to the usage o...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.644 views

DCMTK storescp DICOM storage (C-STORE) SCP Remote Stack Buffer Overflow

Summary DCMTK is a collection of libraries and applications implementing large parts the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over a network connection, as well as demonstrative imag...

7.5CVSS7.2AI score0.03906EPSS
Exploits2
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.62 views

ConQuest DICOM Server 1.4.17d Remote Stack Buffer Overflow RCE

Summary A full featured DICOM server has been developed based on the public domain UCDMC DICOM code. Some possible applications of the Conquest DICOM software are: DICOM training and testing; Demonstration image archives; Image format conversion from a scanner with DICOM network access; DICOM ima...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.45 views

Horos 2.1.0 Web Portal Remote Information Disclosure Exploit

Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a file disclosure...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.100 views

Horos 2.1.0 Web Portal DOM Based XSS

Summary Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries. Description Horos suffers from a DOM-based XSS vulnerabili...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.103 views

Orthanc DICOM Server 1.1.0 Unquoted Service Path Privilege Escalation

Summary Orthanc is a Belgian, open-source, lightweight RESTful DICOM server for healthcare and medical research with an ubiquitous web interface that enables you to upload, receive and transfer DICOM images. It comes with a REST API to automate imaging flows and an SDK to integrate with native...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/16 12:0 a.m.51 views

OsiriX DICOM Viewer 8.0.1 (dulparse.cc) Remote Memory Corruption Vulnerability

Summary With high performance and an intuitive interactive user interface, OsiriX MD is the most widely used DICOM viewer in the world. It is the result of more than 10 years of research and development in digital imaging. It fully supports the DICOM standard for an easy integration in your...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/12/12 12:0 a.m.39 views

Serva 3.0.0 HTTP Server Module Remote Denial of Service Exploit

Summary Serva is a light 3 MB, yet powerful Microsoft Windows application. It was conceived mainly as an Automated PXE Server Solution Accelerator. It bundles on a single exe all of the underlying server protocols and services required by the most complex PXE network boot/install scenarios...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/11/30 12:0 a.m.44 views

X5 Webserver 5.0 Remote Denial Of Service Exploit

Summary X5 is the latest generation web server from iMatix Corporation. The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines, it is much more scalable than Xitami/2. Description The vulnerability...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/11/29 12:0 a.m.210 views

Peplink NGxxx/LCxxx VPN-Firewall Open Redirect Vulnerability

Summary The NG500 / 520 is a high-performance VPN server, which is suitable for small and medium enterprises to use as a VPN center. It is simple to deploy and high security. At the same time, NG500 / 520 products also integrates advanced firewall features to support access to computers by group,...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.44 views

InfraPower PPS-02-S Q213V1 Authentication Bypass Vulnerability

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.33 views

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.55 views

InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.44 views

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.52 views

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.37 views

InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/10/28 12:0 a.m.40 views

InfraPower PPS-02-S Q213V1 Multiple XSS Vulnerabilities

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.46 views

ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

9.8CVSS5.8AI score0.00563EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.79 views

ZKTeco ZKBioSecurity 3.0 (visLogin.jsp) Local Authorization Bypass

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.8CVSS5.8AI score0.00149EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.88 views

ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.9CVSS5.8AI score0.00206EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.154 views

ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

5.3CVSS5.8AI score0.00207EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/31 12:0 a.m.132 views

ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability

Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...

7.2CVSS6.1AI score0.00259EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/30 12:0 a.m.2387 views

ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions

Summary ZKAccess 3.5 is a desktop software which is suitable for small and medium businesses application. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance report. The brand new flat GUI design and humanized...

8.8CVSS5.8AI score0.00443EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/30 12:0 a.m.32 views

ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.1CVSS6.1AI score0.00248EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/30 12:0 a.m.1186 views

ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions

Summary ZKTime.Net V3.0 is a new generation time attendance management software. Meanwhile, it integrates with time attendance and access control system. Some frequently used functions such as attendance reports, device management and employee management can be managed directly on the home page...

9.8CVSS5.9AI score0.00735EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/30 12:0 a.m.150 views

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

9.8CVSS6.2AI score0.0078EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2016/08/21 12:0 a.m.283 views

Sakai 10.7 Multiple Vulnerabilities

Summary Sakai is a free, community source, educational software platform designed to support teaching, research and collaboration. Systems of this type are also known as Course Management Systems CMS, Learning Management Systems LMS, or Virtual Learning Environments VLE. Description Sakai suffers...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/21 12:0 a.m.504 views

Newtec Satellite Modem MDM6000 2.2.5 Cross-Site Scripting Vulnerability

Summary The MDM6000 modem is typically installed at both ends of a point-to-point satellite link or at the remote sites of a star network. The unit can work as a modulator, demodulator or modem depending on the network configuration and integrates seamlessly with terrestrial IP networks and...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/10 12:0 a.m.45 views

EyeLock nano NXT 3.5 Remote Root Exploit

Summary EyeLock is an advanced iris authentication and recognition solutions company focused on developing next-generation systems for global access control and identity management. nano NXT® - the next generation of EyeLock’s revolutionary access control solutions. nano NXT renders all other...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/10 12:0 a.m.46 views

EyeLock nano NXT 3.5 Local File Disclosure Vulnerability

Summary Nano NXT is the most advanced compact iris-based identity authentication device in Eyelock's comprehensive suite of end-to-end identity authentication solutions. Nano NXT is a miniaturized iris-based recognition system capable of providing real-time identification, both in-motion and at a...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/10 12:0 a.m.53 views

EyeLock Myris 3.3.2 SDK Service Unquoted Service Path Privilege Escalation

Summary myris® provides unparalleled security, is portable, lightweight and is as easy as looking in a mirror. Use myris to quickly and easily enroll users for EyeLock’s access control products or to grant users access to corporate domain environments within seconds—users never have to type their...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/06 12:0 a.m.67 views

NUUO Backdoor (strong_user.php) Remote Shell Access

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/06 12:0 a.m.45 views

NUUO Local File Disclosure Vulnerability

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/06 12:0 a.m.25 views

NUUO Arbitrary File Deletion Vulnerability

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/06 12:0 a.m.26 views

NUUO CSRF Add Admin Exploit

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/08/06 12:0 a.m.92 views

NUUO Multiple OS Command Injection Vulnerabilities

Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...

6AI score
Exploits0
Total number of security vulnerabilities1109