Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description Wowza Streaming...
Wowza Streaming Engine 4.5.0 Remote Privilege Escalation Exploit
Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description The application...
Wowza Streaming Engine 4.5.0 Cleartext Storage Of Sensitive Information
Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description The application...
Wowza Streaming Engine 4.5.0 CSRF Add Advanced Admin Exploit
Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description The application...
Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description Wowza Streaming...
CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval
Summary The PowerPanel® Business Edition software from CyberPower provides IT professionals with the tools they need to easily monitor and manage their backup power. Available for compatible CyberPower UPS models, this software supports up to 250 clients, allowing users remote access from any...
AWBS v2.9.6 Multiple Remote Vulnerabilities
Summary Whether starting new or looking to expand your existing web hosting and/or domain registration business, the AWBS fully automated solutions and unique features will allow you to achieve your goal with minimum effort and cost. Description AWBS suffers from multiple SQL Injection...
eCardMAX 10.5 Multiple Vulnerabilities
Summary eCardMax is the most trusted, powerful and dynamic online ecard software solution. It enables you to create your own ecard website with many of the advanced features found on other major sites. Starting your own ecard website with eCardMax is fast and easy. Description eCardMAX suffers fr...
XpoLog Center V6 Multiple Remote Vulnerabilities
Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from multiple vulnerabilities including XSS, Open Redirection and Cross-Site Request Forgery. XpoLog Center V6 Multiple Remote Vulnerabilities Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected...
XpoLog Center V6 CSRF Remote Command Execution
Summary Applications Log Analysis and Management Platform. Description XpoLog suffers from arbitrary command execution. Attackers can exploit this issue using the task tool feature and adding a command with respective arguments to a given binary for execution. In combination with the CSRF an attacke...
Option CloudGate Insecure Direct Object References Authorization Bypass
Summary The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic unit certified on all major US cellular operators CDMA/EV-DO and WCDMA/HSPA+. The CloudGate is simple to configure locally or remotely from your PC, tablet or...
iBilling v3.7.0 Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities
Summary The features you want, the simplicity you need! Beautifully designed for best User Interface & User Experience. The software That Works For YOUR Business! Get growing - with affordable, scalable business software. Find innovative ways to manage customers data, communicate with...
ACROS Security 0patch (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation
Summary 0patch pronounced 'zero patch' is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes much less reboot the entire computer. Description The application suffers from an unquoted search...
Gemalto Sentinel License Manager 18.0.1 Directory Traversal Vulnerability
Summary The Sentinel License Manager enforces and manages licensing in multi-user environment. It keeps track of all the licenses and handles requests from network users who want to run your application, granting authorization to the requesters to allow them to run the application, and denying...
Hyperoptic (Tilgin) Router HG23xx Multiple XSS And CSRF Vulnerabilities
Summary Tilgin's HG23xx family of products offers a flexible and high capacity product in a tiny form factor. When having the product in your hands, do not get fooled by its mere size. The product offers full gigabit routing and a state of the art superior WLAN solution. It runs all services...
FlatPress 1.0.3 CSRF Arbitrary File Upload
Summary FlatPress is a blogging engine that saves your posts as simple text files. Forget about SQL! You just need some PHP. Description The vulnerability is caused due to the improper verification of uploaded files via the Uploader script using 'upload' POST parameter which allows of arbitrary...
Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities
Summary Rumba is a terminal emulation solution with UI (User Interface) modernization properties. Rumba and Rumba+ allow users to connect to so-called 'legacy systems' typically a mainframe via desktop, web and mobile. Description Rumba+ software package suffers from multiple stack buffer overflow...
EduSec 4.2.5 Multiple SQL Injection Vulnerabilities
Summary EduSec has a suite of selective modules specifically tailored to the requirements of education industry. EduSec is engineered and designed considering wide range of management functions within the university. With the use of EduSec, staff can be more accountable as it helps to know the...
Real Estate Portal v4.1 Remote Code Execution and Persistent XSS Vulnerabilities
Summary Real Estate Portal is a software written in PHP, allowing you to launch powerful and professional looking real estate portals with rich functionalities for the private sellers, buyers and real estate agents to list properties for sale or rent, search in the database, show featured ads and...
Operation Technology ETAP 14.1.0 Multiple Stack Buffer Overrun Vulnerabilities
Summary Enterprise Software Solution for Electrical Power Systems. ETAP is the most comprehensive electrical engineering software platform for the design, simulation, operation, and automation of generation, transmission, distribution, and industrial systems. As a fully integrated model-driven...
JobScript Open Redirection And Arbitrary Code Execution Vulnerability
Summary JobScript is an inbuilt structured website developed in PHP with a MySQL database. It's a complete job script for those who want to start a professional job portal website like naukri.com, monster.com, clickjobs.com or any such major job portals. Jobscript was designed and developed with t...
Operation Technology ETAP 14.1.0 Local Privilege Escalation
Summary Enterprise Software Solution for Electrical Power Systems. ETAP is the most comprehensive electrical engineering software platform for the design, simulation, operation, and automation of generation, transmission, distribution, and industrial systems. As a fully integrated model-driven...
Certec EDV atvise SCADA server 2.5.9 Privilege Escalation Vulnerability
Summary atvise scada is based on newest technologies and standards: The visualization in pure web technology as well as a consistent vertical object orientation based on OPC UA changes the world of process management systems. Description The application suffers from an unquoted search path issue...
ZeewaysCMS Multiple Vulnerabilities
Summary ZeewaysCMS is a Content Management System and a complete Web & Mobile Solution developed by Zeeways for Corporates, Individuals or any kind of Business needs. Description ZeewaysCMS suffers from a file inclusion vulnerability LFI when encoded input passed thru the 'targeturl' GET paramete...
Ajaxel CMS 8.0 Multiple Vulnerabilities
Summary Ajaxel CMS is a very simple ajaxified CMS and framework for any project needs. Description Ajaxel CMS version 8.0 and below suffers from multiple vulnerabilities including LFI, XSS, SQL injection and remote code execution via CSRF. Ajaxel CMS 8.0 Multiple Vulnerabilities Vendor: Ajaxel...
NationBuilder Multiple Stored XSS Vulnerabilities
Summary NationBuilder is a unique nonpartisan community organizing system that brings together a comprehensive suite of tools that today's leaders and creators need to gather their tribes. Deeply social. Description The application suffers from multiple stored XSS vulnerabilities. Input passed to...
OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability
Summary OpenWGA is an advanced open source java based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more. Description OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being...
OpenWGA Developer Studio 3.1.0 OpenDialog Arbitrary Code Execution
Summary The OpenWGA Developer Studio packages an OpenWGA CMS server together with all necessary development and deployment tools to create, develop, deploy, share and maintain your OpenWGA CMS applications. Description The application suffers from an arbitrary code execution vulnerability when...
Hikvision Digital Video Recorder Cross-Site Request Forgery
Summary Hikvision is the global leader of video surveillance products and solutions, manufactures a wide range of top-quality, reliable, and professional solutions. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity chec...
Asbru Web Content Management System v9.2.7 Multiple Vulnerabilities
Summary Ready to use, full-featured, database-driven web content management system CMS with integrated community, databases, e-commerce and statistics modules for creating, publishing and managing rich and user-friendly Internet, Extranet and Intranet websites. Description Asbru WCM suffers from...
Sophos Cyberoam NG Series Multiple Cross-Site Scripting Vulnerabilities
Summary Cyberoam NG series of Unified Threat Management appliances are the Next-Generation network security appliances that include UTM security features along with performance required for future networks. The NG series for SMEs are the 'fastest UTMs' made for this segment. The best-in-class...
MOBOTIX Video Security Cameras CSRF Add Admin Exploit
Summary MOBOTIX is a German System Manufacturer of Professional Video Management VMS and Smart IP Cameras. These cameras support all standard features of MOBOTIX IP cameras like automatic object detection, messaging via network and onboard or network recording. The dual lens thermal system suppor...
Netwrix Auditor 7.1.322.0 ActiveX (sourceFile) Stack Buffer Overflow Vulnerability
Summary Netwrix Auditor is an IT audit software that maximizes visibility of IT infrastructure changes and data access. The product provides actionable audit data about who changed what, when and where and who has access to what. Description The application suffers from a stack-based buffer...
Crouzet em4 soft 1.1.04 Integer Division By Zero
Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement the smartest automation applications. Description em4 soft suffers from a division by zero attack when handling Crouzet Logic Software Document '.pm4'...
Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions
Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement the smartest automation applications. Millenium 3 M3 is easy to program and to implement, it enables the control and monitoring of machines and automatio...
Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities
Summary Infor® CRM, formerly Saleslogix, is an award-winning customer relationship management (CRM) solution that provides a complete view of customer interactions, so your business can collaborate and respond promptly and knowledgeably to customer inquiries, sales opportunities, and service request...
ManageEngine Firewall Analyzer 8.5 SP-5.0 Multiple XSS Vulnerabilities
Summary ManageEngine Firewall Analyzer is an agent-less log analytics and configuration management software that helps network administrators to centrally collect, archive, analyze their security device logs and generate forensic reports out of it. Description Firewall Analyzer suffers from...
Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers
Summary Ignition is a powerful industrial application platform with fully integrated development tools for building SCADA, MES, and IIoT solutions. Description Remote unauthenticated attackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server...
Delta Industrial Automation DCISoft 1.12.09 Stack Buffer Overflow Exploit
Summary DCISoft is an integrated configuration tool of Delta network modules DVPEN01-SL, RTU-EN01, IFD9506, IFD9507, DVPSCM12-SL, DVPSCM52-SL for the Windows operating system. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to...
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Summary Your new software for the configuration of Wieland terminal rails. wieplan enables you to plan a complete terminal rail in a very simple way and to then place an order with Wieland. The configured terminal rail can be stored in DXF format and read into a CAD tool for further processing. D...
Baumer VeriSens Application Suite 2.6.2 Buffer Overflow Vulnerability
Summary The Baumer Application Suite is the intuitive configuration software for VeriSens vision sensors, which makes it quick and simple for even new users to implement image processing tasks. Starting with the creation of test tasks through to the management of jobs, the program will take you...
Autonics DAQMaster 1.7.3 DQP Parsing Buffer Overflow Code Execution
Summary DAQMaster is a comprehensive device management program that can be used with Autonics thermometers, panel meters, pulse meters, and counters, etc. and with Konics recorders, indicators. DAQMaster provides GUI control for easy and convenient management of parameters and multiple device data...
Hippo CMS 10.1 XML External Entity Information Disclosure Vulnerability
Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description XXE XML External Entity processing through upload of SVG images in the CMS, and through XML import in the CMS Console application. Hippo CMS 10.1 XML External Enti...
Hippo CMS 10.1 Stored Cross-Site Scripting Vulnerability
Summary Hippo CMS is an open source Java CMS. We built it so you can easily integrate it into your existing architecture. Description Hippo CMS suffers from a stored XSS vulnerability. Input passed thru the POST parameters 'groupname' and 'description' is not sanitized allowing the attacker to...
HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability
Summary HP Client Security Manager provides enhanced Windows login and website single-sign-on capabilities. Security Manager is also the host for HP Client Security plugins and should be installed before other Client Security modules. This package is provided for supported notebook models running...
iScripts EasyCreate 3.0 Remote Code Execution Exploit
Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...
iScripts EasyCreate 3.0 Multiple Vulnerabilities
Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...
BlueControl 3.5 SR5 Insecure Library Loading Arbitrary Code Execution
Summary Engineering Tool for West Pro Series of controllers KS20-1, KS92-1, TB40-1, KS800, KS816, Dig280-1, KS vario, CI45, KS45, SG45, TB45, RL400, Pro96, CAL4600. Description BlueControl suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries...
Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution
Summary Fluiddraw enables the creation of electrical and pneumatic circuit diagrams. The tool makes it easier to plan complete systems and implement individual components. Users access the Festo catalogue and their own imported databases and can thus benefit from evaluation functions and created...
WEG SuperDrive G2 v12.0.0 Insecure File Permissions
Summary SuperDrive is a Windows graph tool for parameter setting, control and monitor of WEG Drives. It permits editing online parameters directly in the drive, or editing offline parameter files stored in the microcomputer. It enables you to store parameters of all drives that exist in the...