dbaudio R1 v2.14.4 DNS-SD Service Unquoted Service Path Privilege Escalation
Summary The R1 Remote control software succeeds the d&b ROPE C software. It is a software package designed to operate d&b amplifiers D12, D6, E-PAC with Display remotely using the d&b Remote network based on CAN-Bus technology. Description The application suffers from an unquoted search path issu...
Applications Manager 12.5 Arbitrary Command Execution Exploit
Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and helps businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...
Manage Engine Applications Manager 12 Multiple Vulnerabilities
Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and helps businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...
dotCMS 3.2.4 Multiple Vulnerabilities
Summary dotCMS is a next-generation content management system (CMS). Quick to deploy, open source, Java-based, with open APIs, extensible and massively scalable, dotCMS can rapidly deliver personalized, engaging multi-channel sites, web apps, campaigns, one-pagers, intranets - all types of content...
GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege
Summary Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description The application suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of...
OpenMRS 2.3 (1.11.4) XML External Entity (XXE) Processing PoC Exploit
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
OpenMRS 2.3 (1.11.4) Multiple Cross-Site Scripting Vulnerabilities
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
OpenMRS 2.3 (1.11.4) Local File Disclosure Vulnerability
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions
Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...
iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions
Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...
iniNet SpiderControl SCADA Editor 6.30.01 Insecure File Permissions
Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...
Circutor PowerStudio SCADA 4.0.5 Unquoted Service Path Elevation Of Privilege
Summary CIRCUTOR's Electrical Energy Efficiency software e3 is currently called PowerStudio and encompasses all of the tools needed to manage your power control equipment: from electricity, gas and water meters to reactive energy compensation systems and powerful power analyzers. Description The...
Zenario CMS 7.0.7c Remote Code Execution Vulnerability
Summary Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding extranet, online database and custom functionality when you need it. Description The vulnerability is caused due to the improper verification of uploaded fil...
TECO JN5 L510-DriveLink 1.482 SEH Overwrite Buffer Overflow Exploit
Summary JN5 DriveLink is a free program that enables you to configure the AC Motor Drive, 510 Series PC-Link. It provides support for sleep and fire modes favourable for pumps, fans, compressors, and HVAC and communication network protocol of Modbus/ BACnet/ Metasys N2. Description The...
TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability
Summary AP-PCLINK is the supportive software for the TP03 or AP series, providing three edit modes, LADDER, IL, FBD and SFC, by which programs can be input rapidly and correctly. Every form written into the TP03 or AP series and AP-PCLINK can be monitored in the form of the data. Description The...
TECO SG2 LAD Client 3.51 SEH Overwrite Buffer Overflow Exploit
Summary SG2 Client is a program that enables users to create and edit applications. The program provides two edit modes, LADDER and FBD, to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...
TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability
Summary SG2 Client is a program that enables users to create and edit applications. The program provides two edit modes, LADDER and FBD, to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...
TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability
Summary TP3-PCLINK Software is the supportive software for TP03, providing three edit modes, LADDER, IL, FBD and SFC, by which programs can be input rapidly and correctly. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited ...
R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities
Summary PHP Vacation Rental Script is the best solution for your vacation rentals online business. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions...
actiTIME 2015.2 Multiple Vulnerabilities
Summary actiTIME is a web timesheet software. It allows you to enter time spent on different work assignments, register time offs and sick leaves, and then create detailed reports covering almost any management or accounting needs. Description The application suffers from multiple security...
Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities
Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...
Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities
Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...
RealtyScript v4.0.2 Multiple Time-based Blind SQL Injection Vulnerabilities
Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities
Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...
Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution
Summary DreamCMS is open and completely free PHP web application for constructing websites of any complexity. Description Dream CMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain...
Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability
Summary Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that supports two leading version control systems, Mercurial and Git, and has a web interface that is easy to use for users and admins. Description Kallithea suffers from...
Centreon 2.6.1 Command Injection Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The POST parameter 'persistant', which is used to make a new service run in the background, is not properly...
Centreon 2.6.1 CSRF Add Admin Exploit
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The application allows users to perform certain actions via HTTP requests without performing any validity chec...
Centreon 2.6.1 Unrestricted File Upload Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The vulnerability is caused due to the improper verification of uploaded files via the 'filename' POST...
Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application is prone to a...
Mango Automation 2.6.0 CSRF Add Admin Exploit
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...
Mango Automation 2.6.0 Unprotected Debug Log View Vulnerability
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description Mango Automation suffers from...
Mango Automation 2.6.0 User Enumeration Weakness
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The weakness is caused due to...
Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description Mango suffers from an...
Mango Automation 2.6.0 CSRF Arbitrary Command Execution Exploit
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The POST parameter 'c0-param0...
Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...
Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description Centreon suffers from a stored XSS vulnerability. Input passed through the POST parameter 'imgcomment' is not...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials
Summary Designed with simplicity in mind, TP-LINK's Cloud Cameras are a fast and trouble free way to keep track on what's going on in and around your home. Video monitoring, recording and sharing has never been easier with the use of TP-LINK’s Cloud service. The excitement of possibilities never...
up.time 7.5.0 Superadmin Privilege Escalation Exploit
Summary The next-generation of IT monitoring software. Description up.time suffers from a privilege escalation issue. A normal user can elevate his or her privileges by sending a POST request that sets the parameter 'userroleid' to 1. An attacker can also exploit this issue through cross-site request forgery...
up.time 7.5.0 XSS And CSRF Add Admin Exploit
Summary The next-generation of IT monitoring software. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-i...
up.time 7.5.0 Arbitrary File Disclose And Delete Exploit
Summary The next-generation of IT monitoring software. Description Input passed to the 'filename' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local...
up.time 7.5.0 Upload And Execute File Exploit
Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command, with the respective arguments, to a given binary for execution. In combination with the CSRF,...
Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit
Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description The application allows users to perform certain actions via HTTP requests without performing any validity...
Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution
Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description Microweber suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due t...
ArticleFR 3.0.6 Multiple Script Injection Vulnerabilities
Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description ArticleFR suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter...
ArticleFR 3.0.6 CSRF Add Admin Exploit
Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This c...
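The "CSRF Add Admin" entries above (Centreon, Mango Automation, up.time, Microweber, ArticleFR, Dream CMS, R-Scripts, RealtyScript, Realtyna) all describe the same root cause: a state-changing POST is accepted on the strength of the session cookie alone. The following Python model is an added example and is not code from any of those products. It puts a handler with that flaw next to a hardened one that requires a per-session synchronizer token (compared in constant time) and a matching Origin/Referer. The Request and Session classes, the SITE_ORIGIN value and the form fields are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for a web framework request (constructed for this example)."""
    method: str
    form: dict[str, str]
    headers: dict[str, str] = field(default_factory=dict)


@dataclass
class Session:
    """Server-side session looked up from the victim's cookie. The CSRF token is
    per-session, random and never exposed to other origins."""
    user: str
    role: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


SITE_ORIGIN = "https://monitoring.example.internal"  # hypothetical deployment origin


def add_admin_vulnerable(req: Request, session: Session, admins: set[str]) -> bool:
    """The pattern in the advisories: only the cookie-bound session is checked, so a
    form auto-submitted by any page the logged-in admin visits is accepted."""
    if req.method != "POST" or session.role != "admin":
        return False
    admins.add(req.form["username"])
    return True


def _same_origin(req: Request) -> bool:
    """Browsers send Origin on cross-site form POSTs; Referer is the fallback.
    An absent header is rejected rather than trusted."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    return src == SITE_ORIGIN or src.startswith(SITE_ORIGIN + "/")


def add_admin_hardened(req: Request, session: Session, admins: set[str]) -> bool:
    """Synchronizer token tied to the session plus an origin check. compare_digest
    keeps the token comparison constant-time."""
    if req.method != "POST" or session.role != "admin":
        return False
    supplied = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, session.csrf_token.encode()):
        return False
    if not _same_origin(req):
        return False
    admins.add(req.form["username"])
    return True


def run_scenario() -> dict[str, bool]:
    """One victim session; a forged cross-site POST (no token, attacker origin)
    and a legitimate POST carrying the session's token from the site's own page."""
    victim = Session(user="alice", role="admin")
    forged = Request("POST", {"username": "backdoor", "password": "x"},
                     headers={"Origin": "https://attacker.example"})
    legit = Request("POST", {"username": "bob", "csrf_token": victim.csrf_token},
                    headers={"Origin": SITE_ORIGIN})
    cases = [("vulnerable_forged", add_admin_vulnerable, forged),
             ("hardened_forged", add_admin_hardened, forged),
             ("hardened_legit", add_admin_hardened, legit)]
    return {label: handler(req, victim, set()) for label, handler, req in cases}


if __name__ == "__main__":
    for label, accepted in run_scenario().items():
        print(f"{label}: {'admin added' if accepted else 'rejected'}")
```

Setting the session cookie with the SameSite attribute adds a second, browser-enforced layer, but the token check is the control that does not depend on client behaviour; the origin check alone is not sufficient because some proxies strip Referer and older clients omit Origin.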
Cisco AnyConnect Secure Mobility Client Remote Command Execution
Summary Cisco AnyConnect Secure Mobility Solution empowers your employees to work from anywhere, on corporate laptops as well as personal mobile devices, regardless of physical location. It provides the security necessary to help keep your organization’s data safe and protected. Description The...
Netlux Antivirus 1.0.1.8 Session Manager Service Privilege Escalation
Summary Netlux Antivirus is an award-winning product that provides comprehensive protection against all types of viruses, trojans, malware and spyware, secures your data, protects your privacy and ensures your PC remains virus-free. Description The Netlux Antivirus suffers from an unquoted search...
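The unquoted service path entries above (d&b R1, GEOVAP Reliance 4, Circutor PowerStudio, Netlux Antivirus) are one weakness: the service's ImagePath contains spaces and no quotes, so when the Service Control Manager starts it, CreateProcess tries each space-delimited prefix with .exe appended before reaching the real binary. A local user who can write to one of those intermediate locations gets code execution as the service account, usually SYSTEM. The Python below is an added example, not code from any of the advisories or vendors: it takes ImagePath strings and lists the candidate paths Windows would try first. The service names and paths in SAMPLE_SERVICES are constructed.

```python
import re

# Constructed sample ImagePath values (hypothetical; not taken from the advisories).
# On a real host collect them with:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath
SAMPLE_SERVICES = {
    "UnquotedVendorSvc": r"C:\Program Files\Vendor Name\Suite 4\bin\VendorSvc.exe -service",
    "QuotedVendorSvc": r'"C:\Program Files\Vendor Name\Suite 4\bin\VendorSvc.exe" -service',
    "SvcNoSpaces": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

# First ".exe" that ends a token: where CreateProcess stops once that file exists.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)


def executable_part(image_path: str) -> tuple[str, bool]:
    """Split an ImagePath into (executable path, was_quoted).

    A quoted path is taken verbatim up to the closing quote. An unquoted path is
    cut at the first '.exe' followed by whitespace or end of string; the rest is
    treated as arguments.
    """
    s = image_path.strip()
    if s.startswith('"'):
        close = s.find('"', 1)
        return (s[1:close] if close > 0 else s[1:]), True
    m = _EXE_END.search(s)
    return (s[: m.end()] if m else s.split(" ", 1)[0]), False


def hijack_candidates(image_path: str) -> list[str]:
    """Paths CreateProcess tries, in order, before the intended binary.

    For an unquoted 'C:\\A B\\C D\\svc.exe' the SCM passes the whole string as the
    command line and CreateProcess tries 'C:\\A.exe', then 'C:\\A B\\C.exe', then
    the real file. Returns [] for quoted paths and for paths without spaces.
    """
    exe, quoted = executable_part(image_path)
    if quoted:
        return []
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]


def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Map service name -> candidate hijack paths, for vulnerable services only."""
    findings = {}
    for name, path in services.items():
        candidates = hijack_candidates(path)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, candidates in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted ImagePath containing spaces")
        for c in candidates:
            print(f"    tried before the real binary: {c}")
```

A listed candidate is only exploitable if its parent directory is writable by the user in question, so follow up each finding with an ACL check (icacls on the directory, or a write attempt as the low-privileged account); the root of the system drive and the Program Files tree are normally not writable, while vendor-created directories often are. The fix on the vendor side is to quote the path in the service registration; an administrator can apply the same fix locally with sc config or by editing ImagePath.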
IBM Cognos Business Intelligence Developer 10.2.1 (backURL) Open Redirect
Summary IBM Cognos Business Intelligence is a web-based, integrated business intelligence suite by IBM. It provides a toolset for reporting, analysis, scorecarding, and monitoring of events and metrics. The software consists of several components to meet the different information requirements in ...