Real Name | Gjoko Krstic |
---|---|
Email address | private |
First Active | 2007-07-26 |
Last Active | 2021-02-08 |

SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console remote code execution vulnerability.
2db834152ee7e493d99bb63e98a6d779
SmartFoxServer 2X version 2.17.0 suffers from a credential disclosure vulnerability.
5ad1821f1742d2c526f833b3e3273cd8
SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console cross site scripting vulnerability.
30b757cb9848d6b6428c7255e97ca242
STVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.
9d1413e4356b04442edd4cf4047a66f3
STVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.
aaa0dc980b48c821d79d69d4b74d19ab
STVS ProVision version 5.9.10 suffers from an authenticated file disclosure vulnerability in archive.rb.
d31975430c3a6921d40248700c0fd3b4
Selea CarPlateServer (CPS) version 4.0.1.6 suffers from a remote program execution vulnerability.
b508ef5c28adbddbdd545c151338231f
Selea CarPlateServer (CPS) version 4.0.1.6 suffers from a local privilege escalation vulnerability.
1fdb0ca0e6a83adb86d6020b489e504c
Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated remote code execution vulnerability. Multiple versions and firmwares are affected.
1f6d65c1d8aae316ebd469a5c5656095
Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated RTP/RTSP/M-JPEG stream disclosure vulnerability. Multiple versions and firmwares are affected.
885ab3fab2a7b9e95a83070d4921db46
Selea Targa IP OCR-ANPR Camera suffers from a cross site request forgery vulnerability that allows for adding an administrator. Multiple versions and firmwares are affected.
be38ae0d2e3c159a66288558c320fb05
Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated server-side request forgery vulnerability. Multiple versions and firmwares are affected.
59086743ae56ccfe510616b711f3b59a
Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated directory traversal vulnerability that allows for file disclosure. Multiple versions and firmwares are affected.
e108949a8210e2e7a6cb54e9dc8ce016
Selea Targa IP OCR-ANPR Camera has a hard-coded password for a hidden and undocumented /dev.html page that lets the vendor enable configuration upload / overwrite on the affected device using the checkManufacturer() function through an AJAX method. Multiple versions and firmwares are affected.
214aebd00c61892818653846edb0adda
Selea Targa IP OCR-ANPR Camera suffers from a persistent cross site scripting vulnerability. Multiple versions and firmwares are affected.
c96a1da8081f5c2db7459923bd5b135f
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.
cb6db35d7f26517c312bbf4e1a19976e
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a remote file inclusion vulnerability by including arbitrary client-side dynamic scripts (JavaScript, VBScript, HTML) when adding content through the input URL material of type html. This allows hijacking the current session of the user, executing cross-site scripting code, or changing the look of the page and modifying content on the current display.
85b5e3c8c9cb495114ef096e2616e76a
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a client-side protection bypass due to an insecure direct object reference vulnerability.
9c3322511ba56f41f33f9e40b9574a1a
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.
d5e3f98a3416a94cb0997c3b35929711
Whitepaper called Digital Signage Systems - The Modern Hacker's Outreach. It discusses everything from public incidents to common attack vectors leveraged to manipulate content.
5523c83e92054c30532290f6f4a597aa
RED-V Super Digital Signage System RXV-A740R is vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several endpoints and disclose the webserver's log file list containing sensitive system resources and debug log information running on the device.
e1d1ea37410444110d5c4be18ea30b60
iDS6 DSSPro Digital Signage System version 6.2 suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the console or by insecure direct object references to hidden functionalities that can result in creating users, modifying roles and permissions and full takeover of the application.
e3500a490fb570726141f18d28cdea4a
The CAPTCHA function for iDS6 DSSPro Digital Signage System version 6.2 is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the autoLoginVerifyCode object an attacker can receive a JSON message code and successfully bypass the CAPTCHA-based authentication challenge and perform brute-force attacks.
63ad9696454afc1b19e579a677c06b40
iDS6 DSSPro Digital Signage System version 6.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
207d76baf968933618e1083a7fd98079
iDS6 DSSPro Digital Signage System version 6.2 suffers from cleartext transmission/storage of sensitive information in a cookie when using the Remember (autoSave=true) feature. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
6e74f91319785d9d2dc39fb672f1d06b