1109 matches found
HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability
Summary HP Client Security Manager provides enhanced Windows login and website single-sign-on capabilities. Security Manager is also the host for HP Client Security plugins and should be installed before other Client Security modules. This package is provided for supported notebook models running...
iScripts EasyCreate 3.0 Remote Code Execution Exploit
Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...
iScripts EasyCreate 3.0 Multiple Vulnerabilities
Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...
BlueControl 3.5 SR5 Insecure Library Loading Arbitrary Code Execution
Summary Engineering Tool for West Pro Series of controllers KS20-1, KS92-1, TB40-1, KS800, KS816, Dig280-1, KS vario, CI45, KS45, SG45, TB45, RL400, Pro96, CAL4600. Description BlueControl suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries...
Art Systems FluidDraw P5/S5 5.3n Binary Planting Arbitrary Code Execution
Summary Fluiddraw enables the creation of electrical and pneumatic circuit diagrams. The tool makes it easier to plan complete systems and implement individual components. Users access the Festo catalogue and their own imported databases and can thus benefit from evaluation functions and created...
WEG SuperDrive G2 v12.0.0 Insecure File Permissions
Summary SuperDrive is a Windows graph tool for parameter setting, control and monitor of WEG Drives. It permits to edit directly in the drive online parameters, or to edit offline parameter files stored in the microcomputer. It enables you to store parameters of all drives that exist in the...
dbaudio R1 v2.14.4 DNS-SD Service Unquoted Service Path Privilege Escalation
Summary The R1 Remote control software succeeds the d&b ROPE C software. It is a software package designed to operate d&b amplifiers D12, D6, E-PAC with Display remotely using the d&b Remote network based on CAN-Bus technology. Description The application suffers from an unquoted search path issu...
Manage Engine Applications Manager 12 Multiple Vulnerabilities
Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...
Applications Manager 12.5 Arbitrary Command Execution Exploit
Summary ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help businesses ensure their revenue-critical applications meet end user expectations. Applications Manager offers out-of-the-box monitoring support for...
dotCMS 3.2.4 Multiple Vulnerabilities
Summary DotCMS is the next generation of Content Management System CMS. Quick to deploy, open source, Java-based, open APIs, extensible and massively scalable, dotCMS can rapidly deliver personalized, engaging multi-channel sites, web apps, campaigns, one-pagers, intranets - all types of content...
OpenMRS 2.3 (1.11.4) Local File Disclosure Vulnerability
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
OpenMRS 2.3 (1.11.4) Multiple Cross-Site Scripting Vulnerabilities
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
GEOVAP Reliance 4 Control Server Unquoted Service Path Elevation Of Privilege
Summary Reliance is a professional SCADA/HMI system designed for the visualization and control of industrial processes and for building automation. Description The application suffers from an unquoted search path issue impacting the service 'RelianceOpcDaWrapper' for Windows deployed as part of...
OpenMRS 2.3 (1.11.4) XML External Entity (XXE) Processing PoC Exploit
Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...
iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions
Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...
iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions
Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...
iniNet SpiderControl SCADA Editor 6.30.01 Insecure File Permissions
Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...
Circutor PowerStudio SCADA 4.0.5 Unquoted Service Path Elevation Of Privilege
Summary CIRCUTOR's Electrical Energy Efficiency software e3 is currently called PowerStudio and encompasses all of the tools needed to manage your power control equipment: from electricity, gas and water meters to reactive energy compensation systems and powerful power analyzers. Description The...
Zenario CMS 7.0.7c Remote Code Execution Vulnerability
Summary Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding extranet, online database and custom functionality when you need it. Description The vulnerability is caused due to the improper verification of uploaded fil...
TECO SG2 LAD Client 3.51 SEH Overwrite Buffer Overflow Exploit
Summary SG2 Client is a program that enables to create and edit applications. The program is providing two edit modes, LADDER and FBD to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...
TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability
Summary TP3-PCLINK Software is the supportive software for TP03, providing three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input rapidly and correctly. Description The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited ...
TECO SG2 FBD Client 3.51 SEH Overwrite Buffer Overflow Vulnerability
Summary SG2 Client is a program that enables to create and edit applications. The program is providing two edit modes, LADDER and FBD to rapidly and directly input the required app. The Simulation Mode allows users to virtually run and test the program before it is loaded to the controller...
TECO JN5 L510-DriveLink 1.482 SEH Overwrite Buffer Overflow Exploit
Summary JN5 DriveLink is a free program that enables you to configure the AC Motor Drive, 510 Series PC-Link. It provides support for sleep and fire modes favourable for pumps, fans, compressors, and HVAC and communication network protocol of Modbus/ BACnet/ Metasys N2. Description The...
TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability
Summary AP-PCLINK is the supportive software for TP03 or AP series, providing three edit modes as LADDER, IL, FBDand SFC, by which programs can be input rapidly and correctly. Every form written into the TP03 or AP series and AP-PCLINK can be monitored in the form of the data. Description The...
R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities
Summary PHP Vacation Rental Script is the best solution for your vacation rentals online business. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions...
actiTIME 2015.2 Multiple Vulnerabilities
Summary actiTIME is a web timesheet software. It allows you to enter time spent on different work assignments, register time offs and sick leaves, and then create detailed reports covering almost any management or accounting needs. Description The application suffers from multiple security...
Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities
Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...
Realtyna RPL 8.9.2 Joomla Extension Multiple SQL Injection Vulnerabilities
Summary Realtyna CRM Client Relationship Management Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Lea...
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities
Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...
RealtyScript v4.0.2 Multiple Time-based Blind SQL Injection Vulnerabilities
Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...
Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution
Summary DreamCMS is open and completely free PHP web application for constructing websites of any complexity. Description Dream CMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain...
Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability
Summary Kallithea, a member project of Software Freedom Conservancy, is a GPLv3'd, Free Software source code management system that supports two leading version control systems, Mercurial and Git, and has a web interface that is easy to use for users and admins. Description Kallithea suffers from...
Centreon 2.6.1 CSRF Add Admin Exploit
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The application allows users to perform certain actions via HTTP requests without performing any validity chec...
Centreon 2.6.1 Command Injection Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The POST parameter 'persistant' which serves for making a new service run in the background is not properly...
Centreon 2.6.1 Unrestricted File Upload Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The vulnerability is caused due to the improper verification of uploaded files via the 'filename' POST...
Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description Mango suffers from an...
Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description Centreon suffers from a stored XSS vulnerability. Input passed thru the POST parameter 'imgcomment' is not...
Mango Automation 2.6.0 User Enumeration Weakness
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The weakness is caused due to...
Mango Automation 2.6.0 CSRF Arbitrary Command Execution Exploit
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The POST parameter 'c0-param0...
Mango Automation 2.6.0 Unprotected Debug Log View Vulnerability
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description Mango Automation suffers from...
Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...
Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application is prone to a...
Mango Automation 2.6.0 CSRF Add Admin Exploit
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials
Summary Designed with simplicity in mind, TP-LINK's Cloud Cameras are a fast and trouble free way to keep track on what's going on in and around your home. Video monitoring, recording and sharing has never been easier with the use of TP-LINK’s Cloud service. The excitement of possibilities never...
up.time 7.5.0 Superadmin Privilege Escalation Exploit
Summary The next-generation of IT monitoring software. Description up.time suffers from a privilege escalation issue. Normal user can elevate his/her privileges by sending a POST request seting the parameter 'userroleid' to 1. Attacker can exploit this issue using also cross-site request forgery...
up.time 7.5.0 XSS And CSRF Add Admin Exploit
Summary The next-generation of IT monitoring software. Description The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-i...
up.time 7.5.0 Upload And Execute File Exploit
Summary The next-generation of IT monitoring software. Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF,...
up.time 7.5.0 Arbitrary File Disclose And Delete Exploit
Summary The next-generation of IT monitoring software. Description Input passed to the 'filename' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local...
Microweber v1.0.3 File Upload Filter Bypass Remote PHP Code Execution
Summary Microweber is an open source drag and drop PHP/Laravel CMS licensed under Apache License, Version 2.0 which allows you to create your own website, blog or online shop. Description Microweber suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due t...