Lucene search
K
ZeroscienceRecent

1109 matches found

Zero Science Lab
Zero Science Lab
added 2016/01/28 12:0 a.m.45 views

HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability

Summary HP Client Security Manager provides enhanced Windows login and website single-sign-on capabilities. Security Manager is also the host for HP Client Security plugins and should be installed before other Client Security modules. This package is provided for supported notebook models running...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/28 12:0 a.m.44 views

iScripts EasyCreate 3.0 Remote Code Execution Exploit

Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/28 12:0 a.m.35 views

iScripts EasyCreate 3.0 Multiple Vulnerabilities

Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/19 12:0 a.m.70 views

BlueControl 3.5 SR5 Insecure Library Loading Arbitrary Code Execution

Summary Engineering Tool for West Pro Series of controllers KS20-1, KS92-1, TB40-1, KS800, KS816, Dig280-1, KS vario, CI45, KS45, SG45, TB45, RL400, Pro96, CAL4600. Description BlueControl suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/17 12:0 a.m.212 views

Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution

Summary Fluiddraw enables the creation of electrical and pneumatic circuit diagrams. The tool makes it easier to plan complete systems and implement individual components. Users access the Festo catalogue and their own imported databases and can thus benefit from evaluation functions and created...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/16 12:0 a.m.74 views

WEG SuperDrive G2 v12.0.0 Insecure File Permissions

Summary SuperDrive is a Windows graph tool for parameter setting, control and monitor of WEG Drives. It permits to edit directly in the drive online parameters, or to edit offline parameter files stored in the microcomputer. It enables you to store parameters of all drives that exist in the...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/14 12:0 a.m.196 views

dbaudio R1 v2.14.4 DNS-SD Service Unquoted Service Path Privilege Escalation

Summary The R1 Remote control software succeeds the d&b ROPE C software. It is a software package designed to operate d&b amplifiers D12, D6, E-PAC with Display remotely using the d&b Remote network based on CAN-Bus technology. Description The application suffers from an unquoted search path issu...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/13 12:0 a.m.53 views

Manage Engine Applications Manager 12 Multiple Vulnerabilities

Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2016/01/13 12:0 a.m.57 views

Applications Manager 12.5 Arbitrary Command Execution Exploit

Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/08 12:0 a.m.37 views

dotCMS 3.2.4 Multiple Vulnerabilities

Summary DotCMS is the next generation of Content Management System CMS. Quick to deploy, open source, Java-based, open APIs, extensible and massively scalable, dotCMS can rapidly deliver personalized, engaging multi-channel sites, web apps, campaigns, one-pagers, intranets - all types of content...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/07 12:0 a.m.31 views

OpenMRS 2.3 (1.11.4) Local File Disclosure Vulnerability

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/07 12:0 a.m.36 views

OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/07 12:0 a.m.43 views

OpenMRS 2.3 (1.11.4) Multiple Cross-Site Scripting Vulnerabilities

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/07 12:0 a.m.45 views

GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege

Summary Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description The application suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/07 12:0 a.m.33 views

OpenMRS 2.3 (1.11.4) XML External Entity (XXE) Processing PoC Exploit

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/06 12:0 a.m.52 views

iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions

Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/06 12:0 a.m.34 views

iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions

Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/06 12:0 a.m.36 views

iniNet SpiderControl SCADA Editor 6.30.01 Insecure File Permissions

Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/12/05 12:0 a.m.59 views

Circutor PowerStudio SCADA 4.0.5 Unquoted Service Path Elevation Of Privilege

Summary CIRCUTOR's Electrical Energy Efficiency software e3 is currently called PowerStudio and encompasses all of the tools needed to manage your power control equipment: from electricity, gas and water meters to reactive energy compensation systems and powerful power analyzers. Description The...

6.2AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/17 12:0 a.m.34 views

Zenario CMS 7.0.7c Remote Code Execution Vulnerability

Summary Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding extranet, online database and custom functionality when you need it. Description The vulnerability is caused due to the improper verification of uploaded fil...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.54 views

TECO SG2 LAD Client 3.51 SEH Overwrite Buffer Overflow Exploit

Summary SG2 Client is a program that enables to create and edit applications. The program is providing two edit modes, LADDER and FBD to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.71 views

TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability

Summary TP3-PCLINK Software is the supportive software for TP03, providing three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input rapidly and correctly. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited ...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.41 views

TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability

Summary SG2 Client is a program that enables to create and edit applications. The program is providing two edit modes, LADDER and FBD to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.50 views

TECO JN5 L510-DriveLink 1.482 SEH Overwrite Buffer Overflow Exploit

Summary JN5 DriveLink is a free program that enables you to configure the AC Motor Drive, 510 Series PC-Link. It provides support for sleep and fire modes favourable for pumps, fans, compressors, and HVAC and communication network protocol of Modbus/ BACnet/ Metasys N2. Description The...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/15 12:0 a.m.85 views

TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability

Summary AP-PCLINK is the supportive software for TP03 or AP series, providing three edit modes as LADDER, IL, FBDand SFC, by which programs can be input rapidly and correctly. Every form written into the TP03 or AP series and AP-PCLINK can be monitored in the form of the data. Description The...

6.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/11/11 12:0 a.m.43 views

R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities

Summary PHP Vacation Rental Script is the best solution for your vacation rentals online business. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/10/31 12:0 a.m.90 views

actiTIME 2015.2 Multiple Vulnerabilities

Summary actiTIME is a web timesheet software. It allows you to enter time spent on different work assignments, register time offs and sick leaves, and then create detailed reports covering almost any management or accounting needs. Description The application suffers from multiple security...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/10/22 12:0 a.m.68 views

Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities

Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...

8.8CVSS7.5AI score0.03061EPSS
Exploits6
Zero Science Lab
Zero Science Lab
added 2015/10/22 12:0 a.m.160 views

Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities

Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...

7.2CVSS7.3AI score0.02193EPSS
Exploits5
Zero Science Lab
Zero Science Lab
added 2015/10/19 12:0 a.m.38 views

RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities

Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/10/19 12:0 a.m.35 views

RealtyScript v4.0.2 Multiple Time-based Blind SQL Injection Vulnerabilities

Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/10/11 12:0 a.m.35 views

Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution

Summary DreamCMS is open and completely free PHP web application for constructing websites of any complexity. Description Dream CMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/10/07 12:0 a.m.85 views

Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability

Summary Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that supports two leading version control systems, Mercurial and Git, and has a web interface that is easy to use for users and admins. Description Kallithea suffers from...

5CVSS5.9AI score0.06039EPSS
Exploits6
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.53 views

Centreon 2.6.1 CSRF Add Admin Exploit

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The application allows users to perform certain actions via HTTP requests without performing any validity chec...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.48 views

Centreon 2.6.1 Command Injection Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The POST parameter 'persistant' which serves for making a new service run in the background is not properly...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.46 views

Centreon 2.6.1 Unrestricted File Upload Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The vulnerability is caused due to the improper verification of uploaded files via the 'filename' POST...

6.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.89 views

Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description Mango suffers from an...

6.5CVSS6.2AI score0.02783EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.29 views

Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description Centreon suffers from a stored XSS vulnerability. Input passed thru the POST parameter 'imgcomment' is not...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.104 views

Mango Automation 2.6.0 User Enumeration Weakness

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The weakness is caused due to...

5CVSS5.8AI score0.03498EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.104 views

Mango Automation 2.6.0 CSRF Arbitrary Command Execution Exploit

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The POST parameter 'c0-param0...

6.5CVSS6AI score0.03257EPSS
Exploits4
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.98 views

Mango Automation 2.6.0 Unprotected Debug Log View Vulnerability

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description Mango Automation suffers from...

4.3CVSS5.8AI score0.02946EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.130 views

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...

6.5CVSS6.1AI score0.0129EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.156 views

Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application is prone to a...

3.5CVSS6AI score0.01747EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.526 views

Mango Automation 2.6.0 CSRF Add Admin Exploit

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...

6.8CVSS5.8AI score0.01323EPSS
Exploits1
Zero Science Lab
Zero Science Lab
added 2015/09/14 12:0 a.m.171 views

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials

Summary Designed with simplicity in mind, TP-LINK's Cloud Cameras are a fast and trouble free way to keep track on what's going on in and around your home. Video monitoring, recording and sharing has never been easier with the use of TP-LINK’s Cloud service. The excitement of possibilities never...

5.8AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/19 12:0 a.m.31 views

up.time 7.5.0 Superadmin Privilege Escalation Exploit

Summary The next-generation of IT monitoring software. Description up.time suffers from a privilege escalation issue. Normal user can elevate his/her privileges by sending a POST request seting the parameter 'userroleid' to 1. Attacker can exploit this issue using also cross-site request forgery...

5.7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/19 12:0 a.m.38 views

up.time 7.5.0 XSS And CSRF Add Admin Exploit

Summary The next-generation of IT monitoring software. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-i...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/19 12:0 a.m.63 views

up.time 7.5.0 Upload And Execute File Exploit

Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF,...

6AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/19 12:0 a.m.29 views

up.time 7.5.0 Arbitrary File Disclose And Delete Exploit

Summary The next-generation of IT monitoring software. Description Input passed to the 'filename' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local...

5.9AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/08/04 12:0 a.m.70 views

Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution

Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description Microweber suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due t...

6.2AI score
Exploits0
Total number of security vulnerabilities1109