1103 matches found
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
Summary BrightSign designs media players and provides free software and cloud networking solutions for the commercial digital signage market worldwide, serving all vertical segments of the marketplace. Description Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the...
SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration Weakness
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
B-swiss 3 Digital Signage System 3.6.5 Database Disclosure
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
Summary Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitatio...
Eibiz i-Media Server Digital Signage 3.8.0 (createUser) Authentication Bypass (Add Admin)
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description The...
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description i-Media...
Eibiz i-Media Server Digital Signage 3.8.0 (oldfile) File Path Traversal
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description i-Media...
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description The...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 (pre-auth) Remote Code Execution
Summary Digital Signage Software. Description The application suffers from an unauthenticated remote code execution. The vulnerability is caused due to lack of verification when uploading files with QH.aspx that can be written in any location by utilizing the 'remotePath' parameter to traverse...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion
Summary Digital Signage Software. Description Input passed to the 'data' parameter in 'QH.aspx' for delete action is not properly sanitised before being used to delete files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using their...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cleartext Credentials Disclosure
Summary Digital Signage Software. Description The application suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/User/User.xml' and obtain administrative login information...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability
Summary Digital Signage Software. Description The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the 'filename' parameter when using the download action or thru 'path' parameter when using the getAll action is not properly verified before being...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cookie User Password Disclosure
Summary Digital Signage Software. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital...
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin
Summary Bring communication with your customers, guests or employees to a new level. You can design content individually and uncomplicated centrally and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation
Summary Bring communication with your customers, guests or employees to a new level. You can design content individually and uncomplicated centrally and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...
UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass
Summary Medivision is a service that provides everything from DID operation to development of DID (Digital Information Display) optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...
Plexus anblick Digital Signage Management 3.1.13 (pagina param) Open Redirect
Summary Advanced multiplatform digital signage solution. Reproduction of multimedia content in a visual and impressive way. Adaptable to any use and to various types of screen or display. Description Input passed via the 'pagina' GET parameter in 'PantallaLogin' script is not properly verified...
UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin
Summary Medivision is a service that provides everything from DID operation to development of DID (Digital Information Display) optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...
rauLink Software Domotica Web 2.0 SQL Injection Authentication Bypass
Summary Smart home automation software. Description The application suffers from an SQL Injection vulnerability. Input passed through 'usuario' POST parameter in registraUsuario is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate...
Cayin Signage Media Player 3.0 Root Remote Command Injection
Summary CAYIN Technology provides Digital Signage solutions, including media players, servers, and software designed for the DOOH (Digital Out-of-home) networks. We develop industrial-grade digital signage appliances and tailored services so you don't have to do the hard work. Description CAYIN...
Cayin Content Management Server 11.0 Root Remote Command Injection
Summary CAYIN Technology provides Digital Signage solutions, including media players, servers, and software designed for the DOOH (Digital Out-of-home) networks. We develop industrial-grade digital signage appliances and tailored services so you don't have to do the hard work. Description CAYIN CMS...
Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution
Summary CAYIN xPost is the web-based application software, which offers a combination of essential tools to create rich contents for digital signage in different vertical markets. It provides an easy-to-use platform for instant data entry and further extends the usage of CAYIN SMP players to meet...
Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write
Summary The SG gateway appliance range provides Internet security and privacy of communications for small and medium enterprises, and branch offices. It simply and securely connects your office to the Internet, and with its robust stateful firewall, shields your computers from external threats...
Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User
Summary The SG gateway appliance range provides Internet security and privacy of communications for small and medium enterprises, and branch offices. It simply and securely connects your office to the Internet, and with its robust stateful firewall, shields your computers from external threats...
Extreme Networks Aerohive HiveOS <=11.x Remote Denial of Service Exploit
Summary Aerohive HiveOS is the network operating system that powers all Aerohive access points, based on a feature-rich Cooperative Control architecture. HiveOS enables Aerohive devices to organize into groups, or 'hives', which allows functionality like fast roaming, user-based access control an...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...
P5 FNIP-8x16A/FNIP-4xSH CSRF Stored Cross-Site Scripting
Summary The FNIP-8x16A is an eight channel relay module used for switching any type of load that doesn’t exceed the specifications. Via its built-in web site and TCP/IP communication, the outputs and inputs can be controlled and monitored from standard network capable devices such as computers,...
FIBARO System Home Center v5.021 Remote File Include XSS
Summary Imagine that you live in a house where everything happens by itself. FIBARO Smart Home takes care of your everyday comfort and safety of all family members and in the meantime, saves energy on every single occasion. All this is possible thanks to Home Center 2 smart home HUB. Home Center ...
Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak Exploit
Summary The Centaur digital recorder is a portable geophysical sensing acquisition system that consists of a high-resolution 24-bit ADC, a precision GNSS-based clock, and removable storage capabilities. Its ease of use simplifies high performance geophysical sensing deployments in both remote and...
Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS
Summary Fifthplay is a Belgian high-tech player and a subsidiary of Niko Group. We specialise in enriching smart homes and buildings for almost 10 years, and in services that provide comfort and energy. Our gateway provides a modular approach to integrating old and new technologies, such as smart...
HomeAutomation v3.3.2 Open Redirect
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
HomeAutomation v3.3.2 CSRF Add Admin Exploit
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
HomeAutomation v3.3.2 Authentication Bypass Exploit
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
HomeAutomation v3.3.2 Stored and Reflected XSS
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
Thrive Smart Home v1.1 Reflected Cross-Site Scripting
Summary As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...
Thrive Smart Home v1.1 SQL Injection Authentication Bypass
Summary As smart home technology becomes more affordable and easy to install with services offered by Thrive Smart Homes, there are some great options available to give your home a high-tech makeover. If the convenience of feeding your cat or turning on your air conditioning with a tap on your...
MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure
Summary REST Gateway between Domoticz and Imperihome ISS. Domoticz is a home automation system with a pretty wide library of supported devices, ranging from weather stations to smoke detectors to remote controls, and a large number of additional third-party integrations are documented on the...
WEMS BEMS 21.3.1 Undocumented Backdoor Account
Summary We (WEMS) offer the world's first fully wireless energy management system. Our solution enables your organization to take control of its energy costs, by monitoring lighting, heating and air conditioning equipment to identify wastage across multiple sites and start saving money instantly...
WEMS Enterprise Manager 2.58 (email) Reflected XSS
Summary WEMS Enterprise Manager is a centralised management and monitoring system for many WEMS equipped sites. It retrieves and stores data to enable energy analysis at an enterprise wide level. It is designed to give global visibility of the key areas that affect a buildings' environmental and...
HomeAutomation v3.3.2 CSRF Remote Command Execution (PHP Reverse Shell) PoC
Summary HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
AVE DOMINAplus <=1.10.x Authentication Bypass Exploit
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
AVE DOMINAplus <=1.10.x Unauthenticated Remote Reboot
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
AVE DOMINAplus <=1.10.x CSRF/XSS Vulnerabilities
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
AVE DOMINAplus <=1.10.x Credentials Disclosure Exploit
Summary DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System. Designed to revolutionize your concept of living. DOMINA plus is the AVE home automation proposal that makes houses safer, more welcoming and optimized. In fact, our home automation system introduces cutting-edge...
Inim Electronics SmartLiving SmartLAN/G/SI <=6.x Root Remote Command Execution
Summary SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...
Inim Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials
Summary SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...
Inim Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF
Summary SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...