
1103 matches found

Zero Science Lab
added 2024/10/16 12:0 a.m. | 375 views

ABB Cylon Aspect 3.08.01 (mapConfigurationDownload.php) Config Download

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/10/14 12:0 a.m. | 328 views

ABB Cylon Aspect 3.08.00 (sslCertAjax.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1 AI score | Exploits: 0

Zero Science Lab
added 2024/10/12 12:0 a.m. | 326 views

ABB Cylon Aspect 3.08.00 (yumSettings.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1 AI score | Exploits: 0

Zero Science Lab
added 2024/10/11 12:0 a.m. | 379 views

ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller uses a weak set of default administrative...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/10/11 12:0 a.m. | 268 views

ABB Cylon Aspect 3.08.00 (dialupSwitch.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1 AI score | Exploits: 0

Zero Science Lab
added 2024/10/10 12:0 a.m. | 216 views

ABB Cylon Aspect 3.08.01 (persistenceManagerAjax.php) Directory Traversal

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller has a directory traversal vulnerability that c...

5.9 AI score | Exploits: 0

Zero Science Lab
added 2024/10/10 12:0 a.m. | 225 views

ABB Cylon Aspect 3.07.02 (sshUpdate.php) Unauthenticated Remote SSH Service Control

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from a vulnerability that allows an...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/10/07 12:0 a.m. | 331 views

ABB Cylon Aspect 3.08.00 (syslogSwitch.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1 AI score | Exploits: 0

Zero Science Lab
added 2024/10/07 12:0 a.m. | 256 views

ABB Cylon Aspect 3.08.01 (calendarFileDelete.php) Arbitrary File Deletion

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...

5.9 AI score | Exploits: 0

Zero Science Lab
added 2024/10/06 12:0 a.m. | 227 views

ABB Cylon Aspect 3.08.01 (caldavUtil.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...

6.1 AI score | Exploits: 0

Zero Science Lab
added 2024/10/06 12:0 a.m. | 274 views

ABB Cylon Aspect 3.08.00 (setTimeServer.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

6.1 AI score | Exploits: 0

Zero Science Lab
added 2024/10/06 12:0 a.m. | 231 views

ABB Cylon Aspect 3.08.01 (logYumLookup.php) Unauthenticated File Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an unauthenticated...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/10/04 12:0 a.m. | 428 views

ABB Cylon Aspect 3.07.02 (downloadDb.php) Authenticated File Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The building management system suffers from an authenticated arbitrar...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/09/26 12:0 a.m. | 305 views

ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is operating with default and hard-coded...

8.8 CVSS | 5.8 AI score | 0.01511 EPSS | Exploits: 3

Zero Science Lab
added 2024/09/24 12:0 a.m. | 372 views

ABB Cylon Aspect 3.07.00 (networkDiagAjax.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...

9.8 CVSS | 7.5 AI score | 0.0136 EPSS | Exploits: 2

Zero Science Lab
added 2024/09/23 12:0 a.m. | 288 views

ABB Cylon Aspect 3.08.01 (bigUpload.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from a remote code execution...

10 CVSS | 8 AI score | 0.1901 EPSS | Exploits: 4

Zero Science Lab
added 2024/09/23 12:0 a.m. | 353 views

ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Arbitrary File Delete

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The BMS/BAS controller suffers from an arbitrary file deletion...

10 CVSS | 5.9 AI score | 0.17159 EPSS | Exploits: 3

Zero Science Lab
added 2024/08/20 12:0 a.m. | 454 views

Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure

Summary Vandal-resistant Door Phone for High-end Buildings. Offering top-of-the-line features, Akuvox X912 is targeted at high-end residential and commercial projects. With a compact size, it is perfect for buildings with limited installation space. Description The application suffers from an...

8.7 CVSS | 5.8 AI score | 0.00349 EPSS | Exploits: 1

Zero Science Lab
added 2024/07/03 12:0 a.m. | 329 views

Deep Sea Electronics DSE855 Remote Authentication Bypass

Summary The DSE855 communications device allows monitoring of a single DSE controller with USB connectivity over a LAN or WAN connection. To achieve this the DSE855 utilises its in-built web server or MODBUS TCP. In order to use over a LAN connection the on-site router must be configured to be...

6.5 CVSS | 6.5 AI score | 0.02418 EPSS | Exploits: 3

Zero Science Lab
added 2024/05/30 12:0 a.m. | 277 views

Aquatronica Control System 5.1.6 Passwords Leak Vulnerability

Summary Aquatronica's electronic AQUARIUM CONTROLLER is easy to use, allowing you to control all the electrical devices in an aquarium and to monitor all their parameters; it can be used for soft water aquariums, salt water aquariums or both simultaneously. Description The tcp.php endpoint on the...

9.3 CVSS | 5.8 AI score | 0.01443 EPSS | Exploits: 1

Zero Science Lab
added 2024/04/17 12:0 a.m. | 310 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config

Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...

5.7 AI score | Exploits: 0

Zero Science Lab
added 2024/04/17 12:0 a.m. | 292 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config

Summary The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a basic chassis with 4 extractable boards which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/04/17 12:0 a.m. | 282 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass

Summary ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD Integrated Receiver Decoder ESE-01 offers a professional audio quality and composite video at an excellent...

9.8 CVSS | 5.8 AI score | 0.03797 EPSS | Exploits: 1

Zero Science Lab
added 2024/04/17 12:0 a.m. | 274 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass

Summary The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a basic chassis with 4 extractable boards which makes maintenance and critical operations, like frequency modification, easy and efficient. The modular approach has...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/04/17 12:0 a.m. | 279 views

Elber Wayber Analog/Digital Audio STL 4.00 Device Config

Summary Wayber II is the name of an analogue/digital microwave link able to transport a Mono or a MPX stereo signal from studio to audio transmitter. Compact and reliable, it features very high quality and modern technology both in signal processing and microwave section leading to outstanding...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/04/17 12:0 a.m. | 300 views

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

Summary Wayber II is the name of an analogue/digital microwave link able to transport a Mono or a MPX stereo signal from studio to audio transmitter. Compact and reliable, it features very high quality and modern technology both in signal processing and microwave section leading to outstanding...

5.8 AI score | Exploits: 0

Zero Science Lab
added 2024/04/17 12:0 a.m. | 392 views

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

Summary ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD Integrated Receiver Decoder ESE-01 offers a professional audio quality and composite video at an excellent...

8.7 CVSS | 5.8 AI score | 0.00477 EPSS | Exploits: 1

Zero Science Lab
added 2024/04/17 12:0 a.m. | 249 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Summary The SIGNUM controller from Elber satellite equipment demodulates one or two DVB-S/ S2 signals up to 32APSK single/multi-stream, achieving 256 KS/s as minimum symbol rate. The TS demodulated signals can be aligned and configured in 1+1 seamless switching for redundancy. Redundancy can also...

5.7 AI score | Exploits: 0

Zero Science Lab
added 2024/04/17 12:0 a.m. | 315 views

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config

Summary The SIGNUM controller from Elber satellite equipment demodulates one or two DVB-S/ S2 signals up to 32APSK single/multi-stream, achieving 256 KS/s as minimum symbol rate. The TS demodulated signals can be aligned and configured in 1+1 seamless switching for redundancy. Redundancy can also...

5.7 AI score | Exploits: 0

Zero Science Lab
added 2024/04/17 12:0 a.m. | 309 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass

Summary Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks where customers can install up to six boards with no limitations in terms of position or number. Based on a Linux embedded OS, it detects the presence of the boards and...

5.7 AI score | Exploits: 0

Zero Science Lab
added 2024/04/04 12:0 a.m. | 302 views

Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit

Summary The TRA7000 series is a set of products dedicated to broadcast, designed to guarantee an excellent quality-price ratio in compliance with current regulations and intended for individual broadcasters or radio networks. All models in the TRA7000 series are fully digital, using only...

5.9 AI score | Exploits: 0

Zero Science Lab
added 2024/02/23 12:0 a.m. | 419 views

Tosibox Key Service 3.3.0 Local Privilege Escalation

Summary TOSIBOX® SoftKey is a software that enables a secure connection between your computer and one or more TOSIBOX® Nodes, giving you full visibility and control over the network devices connected to the Node. Description The application suffers from an unquoted search path issue impacting the...

8.5 CVSS | 6.2 AI score | 0.00197 EPSS | Exploits: 2

Zero Science Lab
added 2024/01/31 12:0 a.m. | 313 views

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

Summary Professional FM transmitters. Description The transmitter has a hidden super administrative account 'factory' that has the hardcoded password 'inokram25' that allows full access to the web management interface configuration. The factory account is not visible in the users page of the...

9.8 CVSS | 5.8 AI score | 0.00524 EPSS | Exploits: 1

Zero Science Lab
added 2024/01/31 12:0 a.m. | 300 views

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password

Summary Professional FM transmitters. Description Unauthorized user could exploit this vulnerability to change his/her password, potentially gaining unauthorized access to sensitive information or performing actions beyond her/his designated permissions. TELSAT marKoni FM Transmitter 1.9.5 Insecu...

9.8 CVSS | 5.8 AI score | 0.00467 EPSS | Exploits: 1

Zero Science Lab
added 2024/01/31 12:0 a.m. | 299 views

TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass

Summary Professional FM transmitters. Description The application implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations. TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web...

9.8 CVSS | 5.8 AI score | 0.00567 EPSS | Exploits: 1

Zero Science Lab
added 2024/01/30 12:0 a.m. | 296 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit

Summary Professional FM transmitters. Description The marKoni FM transmitters are susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the 'wget'...

9.3 CVSS | 6.4 AI score | 0.01211 EPSS | Exploits: 1

Zero Science Lab
added 2023/12/03 12:0 a.m. | 313 views

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

Summary R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Description The transmitter suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user...

8.7 CVSS | 5.8 AI score | 0.00311 EPSS | Exploits: 1

Zero Science Lab
added 2023/12/03 12:0 a.m. | 291 views

OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

5.9 AI score | Exploits: 0

Zero Science Lab
added 2023/12/03 12:0 a.m. | 300 views

OctoberCMS v3.4.0 (About) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

6 AI score | Exploits: 0

Zero Science Lab
added 2023/12/03 12:0 a.m. | 290 views

OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

6 AI score | Exploits: 0

Zero Science Lab
added 2023/12/03 12:0 a.m. | 287 views

OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting Vulnerability

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

5.9 AI score | Exploits: 0

Zero Science Lab
added 2023/12/03 12:0 a.m. | 283 views

OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities

Summary OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework. It supports MySQL, SQLite and PostgreSQL for the database back end and uses a flat file database for the front end structure. The October CMS covers a ran...

5.9 AI score | Exploits: 0

Zero Science Lab
added 2023/11/25 12:0 a.m. | 381 views

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Summary The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the lar...

9.3 CVSS | 5.9 AI score | 0.01514 EPSS | Exploits: 2

Zero Science Lab
added 2023/10/25 12:0 a.m. | 360 views

TEM Opera Plus FM Family Transmitter 35.45 XSRF

Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in compact solutions. They have innovative functions and features that can eliminate the costs required by additional equipment: automatic exchange of audio sources,...

8.6 CVSS | 5.8 AI score | 0.00235 EPSS | Exploits: 1

Zero Science Lab
added 2023/10/25 12:0 a.m. | 308 views

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution

Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in compact solutions. They have innovative functions and features that can eliminate the costs required by additional equipment: automatic exchange of audio sources,...

9.3 CVSS | 6 AI score | 0.00594 EPSS | Exploits: 1

Zero Science Lab
added 2023/10/19 12:0 a.m. | 372 views

VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service

Summary The transmitter Blue Plus is designed with all the latest technologies, such as high efficiency using the latest generation LDMOS transistor and high efficiency power supplies. We used a modern interface and performance using a color display with touch screen, with easy management softwar...

6.9 CVSS | 5.8 AI score | 0.00377 EPSS | Exploits: 1

Zero Science Lab
added 2023/10/14 12:0 a.m. | 375 views

NLB mKlik Makedonija 3.3.12 SQL Injection

Summary NLB mKlik is a mobile application intended for individuals who use the services of NLB Banka, which enables an overview of the various products that users have at the Bank as well as the execution of various types of transactions in a simple and, above all, secure manner at any time of...

8.8 CVSS | 6 AI score | 0.00295 EPSS | Exploits: 1

Zero Science Lab
added 2023/09/30 12:0 a.m. | 291 views

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

8.7 CVSS | 5.8 AI score | 0.00391 EPSS | Exploits: 1

Zero Science Lab
added 2023/09/30 12:0 a.m. | 296 views

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

8.8 CVSS | 5.7 AI score | 0.00549 EPSS | Exploits: 1

Zero Science Lab
added 2023/09/30 12:0 a.m. | 286 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

8.7 CVSS | 5.7 AI score | 0.0143 EPSS | Exploits: 2

Total number of security vulnerabilities: 1103