1109 matches found
ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability
Summary Protege GX is an enterprise level integrated access control, intrusion detection and building automation solution with a feature set that is easy to operate, simple to integrate and effortless to extend. Protege WX is an all-in-one, web-based, cross-platform system that gives you a fully...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD
Summary Scadaflex II controllers are 100% web based for both configuration and user interface. No applications are required other than any standard web browser. They are easily supported by remote access over the Internet or a cellular link. Scadaflex II controllers support industry standard wire...
H3C SSL VPN Username Enumeration
Summary H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotely in an easy and secure way. The H3C SSL VPN devices are a new generation of professional SSL VPN devices for enterprises. They can function as ingress gateways as...
Fetch Softworks Fetch FTP Client 5.8 Remote CPU Consumption (Denial of Service)
Summary Fetch is a reliable, full-featured file transfer client for the Apple Macintosh whose user interface emphasizes simplicity and ease of use. Fetch supports FTP and SFTP, the most popular file transfer protocols on the Internet for compatibility with thousands of Internet service providers,...
OpenBMCS 2.4 CSRF Send E-mail
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
OpenBMCS 2.4 Unauthenticated SSRF / RFI
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
OpenBMCS 2.4 Authenticated SQL Injection
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
OpenBMCS 2.4 Create Admin / Remote Privilege Escalation
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
OpenBMCS 2.4 Secrets Disclosure
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control
Summary CLOKI is the pre-installed application on our terminals that provides simple to use access control management and attendance monitoring using any browser IE, Chrome, Firefox, etc.. It is suited for anyone looking for a stand-alone Access Control and Attendance Monitoring system where the...
meterN v1.2.3 Authenticated Remote Command Execution Vulnerability
Summary meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters like : electrical, water, gas, fuel consumption, solar, Wind energy production and so on. Sensors such as temperature or humidity are also accepted. The philosophy is: To keep it...
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw
Summary The Annexxus camera 6MP provides 4 simultaneous, independently controlled digital pan-tilt-zoom ePTZ video streams, which may be recorded or viewed live as well as a built-in microphone and speaker allowing two way communication. Description The application doesn't allow creation of more...
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...
Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)
Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...
FatPipe Networks WARP 10.2.2 Authorization Bypass
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
ECOA Building Automation System Hidden Backdoor Accounts and backdoor() Function
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Local File Disclosure Vulnerability
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Path Traversal Arbitrary File Upload
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Directory Traversal Content Disclosure
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Weak Default Credentials
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Arbitrary File Deletion
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Authorization Bypass / IDOR
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Cross-Site Request Forgery
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Cookie Poisoning Authentication Bypass
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Configuration Download Information Disclosure
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Hard-coded Credentials SSH Access
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Missing Encryption Of Sensitive Information
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Remote Privilege Escalation
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text. COMMAX Smart Home Ruvie...
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
Summary COMMAX offers a wide range of proven AHD CCTV systems to meet customer needs and convenience in single or multi-family homes. Description The web control panel uses weak set of default administrative credentials that can be easily guessed in remote password attacks and disclose RTSP strea...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application allows an unauthenticated attacker to change the configuration of the DVR arguments and/or cause denial-of-service scenario throug...
COMMAX UMS Client ActiveX Control 1.7.0.2 (CNC_Ctrl.dll) Heap Buffer Overflow
Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a heap based buffer overflow when a user inserts overly long array of string bytes through several...
COMMAX WebViewer ActiveX Control 2.1.4.5 (Commax_WebViewer.ocx) Buffer Overflow
Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a buffer overflow when a user inserts overly long array of string bytes through several functions...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
Summary Biometric access control system. Description The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings...
COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS
Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...
Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password
Summary SANYO network camera and network optional board with the latest H.264 compression technology provide the optimum surveillance applications with high quality real time moving image at low bandwidth. Simultaneous stream of H.264 and JPEG data and also COAX video out to provide flexible...
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Summary Battery Energy Management System. Description The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited t...
IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration
Summary IntelliChoice is a United States software company that was founded in 2003, and offers a software title called eFORCE Software Suite. eFORCE Software Suite is law enforcement software, and includes features such as case management, court management, crime scene management, criminal...
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...
KevinLAB BEMS 1.0 Undocumented Backdoor Account
Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...
KevinLAB BEMS 1.0 Authenticated File Path Traversal Information Disclosure
Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...
Ricon Industrial Cellular Router S9922XL Remote Command Execution
Summary S9922L series LTE router is designed and manufactured by Ricon Mobile Inc., it based on 3G/LTE cellular network technology with industrial class quality. With its embedded cellular module, it widely used in multiple case like ATM connection, remote office security connection, data...
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation
Summary Easy Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games through the use of hybrid anti–cheat mechanisms. Description The application suffers from an unquoted search path issue impacting the service 'EasyAntiCheat' for Windows...
Epic Games Psyonix Rocket League <=1.95 Insecure Permissions
Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The application suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user tha...
Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun
Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The game suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the...